Search for packages
| purl | pkg:deb/debian/epiphany-browser@49.2-3?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4ayz-e7qd-q3hv | security update |
CVE-2021-45085
|
| VCID-bpgn-654d-5kh6 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. |
CVE-2023-26081
|
| VCID-cdnq-ar2x-rfc4 | The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. |
CVE-2005-0238
|
| VCID-drpr-qvbq-c7ep | A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow. |
CVE-2022-29536
|
| VCID-dy4t-8mzp-k3h9 | An untrusted search path vulnerability in Epiphany might result in the execution of arbitrary code. |
CVE-2008-5985
|
| VCID-fw5u-mcy4-1uaz | ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. |
CVE-2018-11396
|
| VCID-h8vr-29am-jueb | Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. |
CVE-2010-3312
|
| VCID-hk4w-wqwm-b7dx | security update |
CVE-2021-45086
|
| VCID-kr9h-du4n-zbck | security update |
CVE-2021-45087
|
| VCID-qu2d-vqp3-w3e3 | A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior. |
CVE-2025-3839
|
| VCID-t8h7-hah9-bkaw | gvdb: use after free issue was fixed in gvdb_table_write_contents_async() |
CVE-2019-25085
|
| VCID-u2z3-9rm9-suda | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. |
CVE-2017-1000025
|
| VCID-v1k1-swqj-akcj | security update |
CVE-2021-45088
|
| VCID-wruk-nknh-2fh4 | libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. |
CVE-2018-12016
|