UbuntuUpdates.org

Package "epiphany-browser"

Name: epiphany-browser

Description: Intuitive GNOME web browser

Latest version: 3.36.4-0ubuntu2
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://wiki.gnome.org/Apps/Web

Other versions of "epiphany-browser" in Focal

Repository  Area      Version
base        universe  3.36.1-1
updates     universe  3.36.4-0ubuntu2


Changelog

Version: 3.36.4-0ubuntu2 2022-08-10 14:06:19 UTC

  epiphany-browser (3.36.4-0ubuntu2) focal-security; urgency=medium

  * SECURITY UPDATE: Fix memory corruption in ephy_string_shorten()
    - CVE-2022-29536 (LP: #1969851)
  * SECURITY UPDATE: Multiple XSS issues (LP: #1955362)
    - CVE-2021-45085 XSS exploit possible from the Most Visited page
    - CVE-2021-45086 XSS exploit possible with a PDF's suggested filename
    - CVE-2021-45087 XSS exploit possible in View Source or Reader Mode
    - CVE-2021-45087 XSS exploit possible via error pages

 -- Jeremy Bicha <email address hidden> Sun, 31 Jul 2022 16:32:14 -0400

1969851 CVE-2022-29536 epiphany
1955362 epiphany December 2021 XSS issues
CVE-2022-29536 In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process)
CVE-2021-45085 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user vis
CVE-2021-45086 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF
CVE-2021-45087 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page


