Gnome: >> Epiphany >> 41.1 Security Vulnerabilities
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-20
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-20
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS Score
5.0
EPSS Score
0.007
Published
2005-05-02