Fluid Attacks Database

Description

GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	epiphany-browser	>=0 <3.22.6-1	3.22.6-1
debian 11	epiphany-browser	>=0 <3.22.6-1	3.22.6-1
debian 14	epiphany-browser	>=0 <3.22.6-1	3.22.6-1
debian 13	epiphany-browser	>=0 <3.22.6-1	3.22.6-1

Aliases

1. CVE-2017-10000252. NVD-2017-10000253. OSV-DEBIAN-2017-10000254. OSV-2017-10000255. SECURITY-TRACKER-CVE-2017-1000025

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.