Bug#1031727: epiphany-browser: CVE-2023-26081
Moritz Mühlenhoff
jmm at inutil.org
Tue Feb 21 15:05:06 GMT 2023
Source: epiphany-browser
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for epiphany-browser.
CVE-2023-26081[0]:
| In Epiphany (aka GNOME Web) through 43.0, untrusted web content can
| trick users into exfiltrating passwords, because autofill occurs in
| sandboxed contexts.
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275
https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-26081
https://www.cve.org/CVERecord?id=CVE-2023-26081
Please adjust the affected versions in the BTS as needed.
More information about the pkg-gnome-maintainers
mailing list