UbuntuUpdates.org

Package "epiphany-browser-data"

Name: epiphany-browser-data

Description:

Data files for the GNOME web browser
Latest version: 3.36.4-0ubuntu2
Release: focal (20.04)
Level: security
Repository: universe
Head package: epiphany-browser
Homepage: https://wiki.gnome.org/Apps/Web

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "epiphany-browser-data"

All arch deb package
APT INSTALL

Other versions of "epiphany-browser-data" in Focal

Repository Area Version
base universe 3.36.1-1
updates universe 3.36.4-0ubuntu2

Changelog

Version: 3.36.4-0ubuntu2 2022-08-10 14:06:19 UTC

  epiphany-browser (3.36.4-0ubuntu2) focal-security; urgency=medium

  * SECURITY UPDATE: Fix memory corruption in ephy_string_shorten()
    - CVE-2022-29536 (LP: #1969851)
  * SECURITY UPDATE: Multiple XSS issues (LP: #1955362)
    - CVE-2021-45085 XSS exploit possible from the Most Visited page
    - CVE-2021-45086 XSS exploit possible with a PDF's suggested filename
    - CVE-2021-45087 XSS exploit possible in View Source or Reader Mode
    - CVE-2021-45087 XSS exploit possible via error pages

 -- Jeremy Bicha <email address hidden> Sun, 31 Jul 2022 16:32:14 -0400
1969851 CVE-2022-29536 epiphany
1955362 epiphany December 2021 XSS issues
CVE-2022-29536 In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process)
CVE-2021-45085 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user vis
CVE-2021-45086 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF
CVE-2021-45087 XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page


About   -   Send Feedback to @ubuntu_updates