High severity7.5NVD Advisory· Published May 23, 2018· Updated Jun 17, 2026
CVE-2018-11396
CVE-2018-11396
Description
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <=3.28.2.1
- osv-coords3 versionspkg:rpm/opensuse/epiphany&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/epiphany&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/epiphany&distro=openSUSE%20Tumbleweed
< 3.28.1.1-lp151.3.3.1+ 2 more
- (no CPE)range: < 3.28.1.1-lp151.3.3.1
- (no CPE)range: < 3.28.1.1-lp151.3.3.1
- (no CPE)range: < 40.3-2.1
Patches
Vulnerability mechanics
References
2- bugzilla.gnome.org/show_bug.cginvdExploitIssue TrackingVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00043.htmlnvd
News mentions
0No linked articles in our index yet.