5 matches found
SUSE CVE-2010-3312
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificat...
SuSE 11.1 Security Update : epiphany (SAT Patch Number 3611)
epiphany does not support verification of ssl certificates. It nevertheless displayed all https connections as secure. CVE-2010-3312 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...
CVE-2010-3312
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificat...
Open redirect
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312...
CVE-2010-3312
CVE-2010-3312 affects Epiphany (2.28/2.29) when using WebKit and LibSoup, where the UI unconditionally shows a closed-lock icon for any https URL, potentially enabling MITM via a crafted X.509 certificate. Related advisories mention Midori pre-0.2.5 and OpenSUSE/openSUSE libwebkit/WebKitGTK+ vers...