13 matches found
CVE-2019-6251
CVE-2019-6251 affects WebKitGTK and WPE WebKit prior to 2.24.1. The issue is address bar spoofing via certain JavaScript redirections that could cause malicious content to appear as if it were from a trusted URI. Publicly documented references in Debian/Ubuntu/RHEL ecosystems confirm the vulnerab...
CVE-2018-11396
Epiphany (GNOME Web) is affected by CVE-2018-11396 through the component ephy-session.c in libephymain.so, with the vulnerability allowing a remote attacker to crash the application via crafted JavaScript (e.g., window.open triggering a NULL URL). Public sources in connected documents describe a ...
CVE-2022-29536
CVE-2022-29536 affects GNOME Epiphany before 41.4 and 42.x before 42.2. A buffer overflow in the UI process (ephy_string_shorten) can be triggered by a long page title because the UTF-8 ellipsis byte length is not properly accounted for. Impact per referenced advisories is memory corruption/crash...
CVE-2021-45085
CVE-2021-45085 affects GNOME Web (Epiphany) where XSS is possible via an about: page. The issue occurs in Epiphany builds prior to 40.4 and 41.x prior to 41.1 when a user visits an XSS payload page, e.g., ephy-about:overview, which can land a page on the Most Visited list. Public details in conne...
CVE-2021-45087
CVE-2021-45087 affects GNOME Web (Epiphany). The vulnerability arises when using View Source mode or Reader mode, allowing an XSS payload via the page title. Affected component is Epiphany/GNOME Web; root cause is improper handling in those modes leading to script execution. Impact is XSS under t...
CVE-2021-45086
CVE-2021-45086 affects GNOME Web (Epiphany) where a server-provided suggested_filename is used as the pdf_name value in PDF.js, enabling XSS. Affected versions include GNOME Web before 40.4 and 41.x before 41.1; exploitation details and in-the-wild status are not shown in the provided documents. ...
CVE-2021-45088
CVE-2021-45088 is an XSS vulnerability in GNOME Web (Epiphany) exploitable via an error page, affecting Epiphany/GNOME Web up to versions before 40.4 and 41.x before 41.1. Connected sources confirm this CVE as part of multiple GNOME/Epiphany XSS issues and indicate Debian/Mageia advisories with f...
CVE-2008-5985
CVE-2008-5985 affects the Epiphany Python interface (notably Epiphany 2.22.3 and possibly other versions) via an untrusted search path vulnerability. Malicious local users could execute arbitrary code by placing a Trojan horse Python file in the current working directory, related to PySys_SetArgv...
CVE-2023-26081
CVE-2023-26081 affects Epiphany (GNOME Web) up to version 43.0, where autofill can exfiltrate passwords from sandboxed content (e.g., CSP sandbox or iframe). Exploitation would require untrusted web content, but attackers could leverage sandbox context to access credentials. Remediation across di...
CVE-2005-0238
CVE-2005-0238 concerns the International Domain Name (IDN) support in Epiphany, where punycode-encoded domain names decoded in URLs and SSL certificates can be interpreted using homograph characters from other scripts. This enables remote attackers to spoof legitimate domain names and facilitates...
CVE-2018-12016
CVE-2018-12016 affects GNOME Web (Epiphany) with the vulnerable component libephymain.so in Epiphany up to version 3.28.2.1, enabling remote DoS (application crash) via window.open and document.write calls. Related entries confirm the issue across multiple advisories; Fedora patches were issued (...
CVE-2010-3312
CVE-2010-3312 affects Epiphany (2.28/2.29) when using WebKit and LibSoup, where the UI unconditionally shows a closed-lock icon for any https URL, potentially enabling MITM via a crafted X.509 certificate. Related advisories mention Midori pre-0.2.5 and OpenSUSE/openSUSE libwebkit/WebKitGTK+ vers...
CVE-2017-1000025
CVE-2017-1000025 affects GNOME Web (Epiphany) across multiple versions (3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and earlier). The description specifies a password manager sweep vulnerability that leads to remote exfiltration of stored passwords for a selec...