Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Epiphany
(Gnome)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-12-16 | CVE-2021-45085 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | Debian_linux, Epiphany | 6.1 | ||
| 2021-12-16 | CVE-2021-45087 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. | Debian_linux, Epiphany | 6.1 | ||
| 2021-12-16 | CVE-2021-45088 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | Debian_linux, Epiphany | 6.1 | ||
| 2005-05-02 | CVE-2005-0238 | The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | Epiphany, Camino, Mozilla, Omniweb, Opera_browser | N/A | ||
| 2021-12-16 | CVE-2021-45086 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | Debian_linux, Epiphany | 6.1 | ||
| 2018-05-23 | CVE-2018-11396 | ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | Epiphany | 7.5 | ||
| 2018-06-07 | CVE-2018-12016 | libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. | Epiphany | 7.5 | ||
| 2017-07-17 | CVE-2017-1000025 | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | Epiphany | 7.5 | ||
| 2010-10-14 | CVE-2010-3312 | Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. | Epiphany | N/A | ||
| 2009-01-28 | CVE-2008-5985 | Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). | Epiphany | N/A |