CVE-2023-26081
Summary
| CVE | CVE-2023-26081 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-02-20 03:15:00 UTC |
|---|
| Updated | 2023-11-07 04:09:00 UTC |
|---|
| Description | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Unsandboxed Password Manager · Advisory · google/security-research · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 36 Update: epiphany-42.5-1.fc36 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] [DLA 3423-1] epiphany-browser security update |
MLIST |
lists.debian.org |
|
| Don't autofill passwords in sandboxed contexts (!1275) · Merge requests · GNOME / Epiphany · GitLab |
MISC |
gitlab.gnome.org |
|
| [SECURITY] Fedora 37 Update: epiphany-43.1-1.fc37 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 37 Update: epiphany-43.1-1.fc37 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 36 Update: epiphany-42.5-1.fc36 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181786 Debian Security Update for epiphany-browser (DLA 3423-1)
- 182956 Debian Security Update for epiphany-browser (CVE-2023-26081)
- 283750 Fedora Security Update for epiphany (FEDORA-2023-d8d2cd7c58)
- 283753 Fedora Security Update for epiphany (FEDORA-2023-26b58f8098)
