accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, allows a denial of service (application crash) because maintenance of the m_deferredFocusedNodeChange data structure mishandles removal. Upstream patch: https://trac.webkit.org/changeset/257292/webkit
Created webkit2gtk3 tracking bugs for this issue: Affects: fedora-all [bug 1811722]
Note this was misclassified as denial of service, but it's actually a use after free, which we classify as remote code execution.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4035 https://access.redhat.com/errata/RHSA-2020:4035
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10018
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4451 https://access.redhat.com/errata/RHSA-2020:4451