In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript codes behavior.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gnome-shell | Ubuntu | devel | * |
Gnome-shell | Ubuntu | focal | * |
Gnome-shell | Ubuntu | jammy | * |
Gnome-shell | Ubuntu | mantic | * |
Gnome-shell | Ubuntu | noble | * |
Gnome-shell | Ubuntu | upstream | * |
Red Hat Enterprise Linux 8 | RedHat | gnome-shell-0:3.32.2-56.el8_10 | * |