GNOME Epiphany 3.35.1

CPE Details

GNOME Epiphany 3.35.1
3.35.1
2019-10-23
10h27 +00:00
2019-10-23
10h27 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnome:epiphany:3.35.1:*:*:*:*:*:*:*

Informations

Vendor

gnome

Product

epiphany

Version

3.35.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-26081 2023-02-20 00h00 +00:00 In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
7.5
High
CVE-2022-29536 2022-04-20 20h37 +00:00 In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
7.5
High
CVE-2021-45086 2021-12-16 01h19 +00:00 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
6.1
Medium
CVE-2021-45087 2021-12-16 01h19 +00:00 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
6.1
Medium
CVE-2021-45088 2021-12-16 01h19 +00:00 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
6.1
Medium
CVE-2021-45085 2021-12-16 01h19 +00:00 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
6.1
Medium
CVE-2005-0238 2005-02-07 04h00 +00:00 The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
5