Lucene search

K
GnomeEpiphany

5 matches found

CVE
CVE
added 2018/05/23 1:29 p.m.148 views

CVE-2018-11396

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

7.5CVSS7.2AI score0.00681EPSS
CVE
CVE
added 2022/04/20 11:15 p.m.114 views

CVE-2022-29536

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

7.5CVSS7.4AI score0.00121EPSS
CVE
CVE
added 2023/02/20 3:15 a.m.56 views

CVE-2023-26081

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

7.5CVSS7.3AI score0.00147EPSS
CVE
CVE
added 2017/07/17 1:18 p.m.40 views

CVE-2017-1000025

GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.

7.5CVSS7.5AI score0.00498EPSS
CVE
CVE
added 2018/06/07 2:29 p.m.35 views

CVE-2018-12016

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

7.5CVSS7.2AI score0.00623EPSS