7 matches found
CVE-2022-29536
CVE-2022-29536 affects GNOME Epiphany before 41.4 and 42.x before 42.2. A buffer overflow in the UI process (ephy_string_shorten) can be triggered by a long page title because the UTF-8 ellipsis byte length is not properly accounted for. Impact per referenced advisories is memory corruption/crash...
CVE-2021-45085
CVE-2021-45085 affects GNOME Web (Epiphany) where XSS is possible via an about: page. The issue occurs in Epiphany builds prior to 40.4 and 41.x prior to 41.1 when a user visits an XSS payload page, e.g., ephy-about:overview, which can land a page on the Most Visited list. Public details in conne...
CVE-2021-45087
CVE-2021-45087 affects GNOME Web (Epiphany). The vulnerability arises when using View Source mode or Reader mode, allowing an XSS payload via the page title. Affected component is Epiphany/GNOME Web; root cause is improper handling in those modes leading to script execution. Impact is XSS under t...
CVE-2021-45086
CVE-2021-45086 affects GNOME Web (Epiphany) where a server-provided suggested_filename is used as the pdf_name value in PDF.js, enabling XSS. Affected versions include GNOME Web before 40.4 and 41.x before 41.1; exploitation details and in-the-wild status are not shown in the provided documents. ...
CVE-2021-45088
CVE-2021-45088 is an XSS vulnerability in GNOME Web (Epiphany) exploitable via an error page, affecting Epiphany/GNOME Web up to versions before 40.4 and 41.x before 41.1. Connected sources confirm this CVE as part of multiple GNOME/Epiphany XSS issues and indicate Debian/Mageia advisories with f...
CVE-2023-26081
CVE-2023-26081 affects Epiphany (GNOME Web) up to version 43.0, where autofill can exfiltrate passwords from sandboxed content (e.g., CSP sandbox or iframe). Exploitation would require untrusted web content, but attackers could leverage sandbox context to access credentials. Remediation across di...
CVE-2005-0238
CVE-2005-0238 concerns the International Domain Name (IDN) support in Epiphany, where punycode-encoded domain names decoded in URLs and SSL certificates can be interpreted using homograph characters from other scripts. This enables remote attackers to spoof legitimate domain names and facilitates...