MGASA-2022-0053

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0053.html

Import Source

https://advisories.mageia.org/MGASA-2022-0053.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2022-0053

Related

Published

2022-02-09T20:46:00Z

Modified

2022-02-09T20:05:13Z

Summary

Updated epiphany packages fix security vulnerability

Details

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list (CVE-2021-45085).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggestedfilename is used as the pdfname value in PDF.js (CVE-2021-45086).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title (CVE-2021-45087).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page (CVE-2021-45088).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / epiphany

Package

Name: epiphany
Purl: pkg:rpm/mageia/epiphany?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.38.2-1.1.mga8

Ecosystem specific

{
    "section": "core"
}