MGASA-2022-0053

Source
https://advisories.mageia.org/MGASA-2022-0053.html
Import Source
https://advisories.mageia.org/MGASA-2022-0053.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2022-0053
Related
Published
2022-02-09T20:46:00Z
Modified
2022-02-09T20:05:13Z
Summary
Updated epiphany packages fix security vulnerability
Details

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list (CVE-2021-45085).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggestedfilename is used as the pdfname value in PDF.js (CVE-2021-45086).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title (CVE-2021-45087).

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page (CVE-2021-45088).

References
Credits

Affected packages