MGASA-2022-0053

Source
https://advisories.mageia.org/MGASA-2022-0053.html
Import Source
https://advisories.mageia.org/MGASA-2022-0053.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2022-0053
Published
2022-02-09T20:46:00Z
Modified
2022-02-09T20:05:13Z
Summary
Updated epiphany packages fix security vulnerability
Details

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list (CVE-2021-45085).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js (CVE-2021-45086).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title (CVE-2021-45087).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page (CVE-2021-45088).


Affected packages

Mageia:8 / epiphany

Package

Name
epiphany
Purl
pkg:rpm/mageia/epiphany?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.38.2-1.1.mga8

Ecosystem specific

{
    "section": "core"
}