Search for packages
| purl | pkg:deb/debian/epiphany-browser@3.38.2-1%2Bdeb11u3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kmpc-9smk-87cs
Aliases: CVE-2023-26081 |
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. |
Affected by 1 other vulnerability. |
|
VCID-npuq-kq64-eqdq
Aliases: CVE-2025-3839 |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-aexr-t2nm-tkbw | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. |
CVE-2021-45088
|
| VCID-dfk8-ujvd-gyc3 | gvdb: use after free issue was fixed in gvdb_table_write_contents_async() |
CVE-2019-25085
|
| VCID-q1xj-wvgm-8qde | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. |
CVE-2021-45087
|
| VCID-qf19-wz15-gbbw | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. |
CVE-2021-45085
|
| VCID-qhqm-svch-g3ax | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. |
CVE-2021-45086
|
| VCID-s516-n9vv-aqae | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. |
CVE-2022-29536
|