CVEs (13)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | | | | | |
| In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for... | 3: Debian, Fedoraproject, Gnome | 3: Debian Linux, Epiphany, Fedora | Nov 21, 2024 | Apr 20, 2022 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | 2: Debian, Gnome | 2: Debian Linux, Epiphany | Nov 21, 2024 | Dec 16, 2021 | N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2) |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title. | 2: Debian, Gnome | 2: Debian Linux, Epiphany | Nov 21, 2024 | Dec 16, 2021 | N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2) |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | 2: Debian, Gnome | 2: Debian Linux, Epiphany | Nov 21, 2024 | Dec 16, 2021 | N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2) |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Vis... | 2: Debian, Gnome | 2: Debian Linux, Epiphany | Nov 21, 2024 | Dec 16, 2021 | N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2) |
| WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is... | 6: Canonical, Fedoraproject, Gnome, +3 more | 6: Epiphany, Fedora, Leap, +3 more | Nov 21, 2024 | Jan 14, 2019 | N/A (v4), 8.1 HIGH (v3), 5.8 MEDIUM (v2) |
| libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. | | | | | |
| ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrat... | | | | | |
| GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored pa... | | | | | |
| Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attac... | | | | | |
| Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, r... | | | | | |
| The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph charact... | 4: Gnome, Mozilla, Omnigroup, +1 more | 5: Camino, Epiphany, Mozilla, +2 more | Apr 16, 2026 | May 2, 2005 | N/A (v4), N/A (v3), 5.0 MEDIUM (v2) |