Gnome Epiphany
13 CVEs affecting Gnome Epiphany. Latest disclosed: 2023-02-20. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-6251 | High | 8.1 | 2019-01-14 | WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious… |
| CVE-2023-26081 | High | 7.5 | 2023-02-20 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. |
| CVE-2022-29536 | High | 7.5 | 2022-04-20 | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long… |
| CVE-2018-12016 | High | 7.5 | 2018-06-07 | libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open an… |
| CVE-2018-11396 | High | 7.5 | 2018-05-23 | ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via Java… |
| CVE-2017-1000025 | High | 7.5 | 2017-07-17 | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager s… |
| CVE-2021-45088 | Medium | 6.1 | 2021-12-16 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. |
| CVE-2021-45087 | Medium | 6.1 | 2021-12-16 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title. |
| CVE-2021-45086 | Medium | 6.1 | 2021-12-16 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. |
| CVE-2021-45085 | Medium | 6.1 | 2021-12-16 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS… |
| CVE-2010-3312 | | | 2010-10-14 | Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without… |
| CVE-2008-5985 | | | 2009-01-28 | Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a… |
| CVE-2005-0238 | | | 2005-05-02 | The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in U… |