VYPR

Web

by GNOME Foundation

CVEs (2)

  • CVE-2018-11396HigMay 23, 2018
    risk 0.49cvss 7.5epss 0.01

    ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

  • CVE-2017-1000025HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.