GNOME Epiphany
By the Year
In 2024 there have been 0 vulnerabilities in GNOME Epiphany. Last year Epiphany had 1 security vulnerability published. Right now, Epiphany is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 7.50 |
2022 | 1 | 7.50 |
2021 | 4 | 6.10 |
2020 | 0 | 0.00 |
2019 | 1 | 8.10 |
2018 | 2 | 7.50 |
It may take a day or so for new Epiphany vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GNOME Epiphany Security Vulnerabilities
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords
CVE-2023-26081
7.5 - High
- February 20, 2023
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
Exposure of Resource to Wrong Sphere
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process)
CVE-2022-29536
7.5 - High
- April 20, 2022
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
Memory Corruption
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1
CVE-2021-45088
6.1 - Medium
- December 16, 2021
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
XSS
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used
CVE-2021-45087
6.1 - Medium
- December 16, 2021
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title.
XSS
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1
CVE-2021-45086
6.1 - Medium
- December 16, 2021
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
XSS
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place
CVE-2021-45085
6.1 - Medium
- December 16, 2021
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
XSS
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections
CVE-2019-6251
8.1 - High
- January 14, 2019
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1
CVE-2018-12016
7.5 - High
- June 07, 2018
libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code
CVE-2018-11396
7.5 - High
- May 23, 2018
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names
CVE-2005-0238
- May 02, 2005
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.