VYPR

Epiphany

by GNOME Foundation

CVEs (11)

  • CVE-2018-12016 | High | Jun 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

  • CVE-2017-1000025 | High | Jul 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.

  • CVE-2023-26081 | Feb 20, 2023
    risk 0.00 | cvss | epss 0.01

    In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

  • CVE-2022-29536 | Apr 20, 2022
    risk 0.00 | cvss | epss 0.02

    In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

  • CVE-2021-45086 | Dec 16, 2021
    risk 0.00 | cvss | epss 0.01

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.

  • CVE-2021-45087 | Dec 16, 2021
    risk 0.00 | cvss | epss 0.01

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.

  • CVE-2021-45088 | Dec 16, 2021
    risk 0.00 | cvss | epss 0.01

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.

  • CVE-2021-45085 | Dec 16, 2021
    risk 0.00 | cvss | epss 0.01

    XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.

  • CVE-2010-3312 | Oct 14, 2010
    risk 0.00 | cvss | epss 0.01

    Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509…

  • CVE-2008-5985 | Jan 28, 2009
    risk 0.00 | cvss | epss 0.00

    Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function…

  • CVE-2005-0238 | May 2, 2005
    risk 0.00 | cvss | epss 0.02

    The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing…