CVE-2023-26081
7.5HIGHIn Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
Published: 2/20/2023Updated: 3/18/2025
Description
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
AI AnalysisPowered by AI
Affected Products
gnomeepiphany
fedoraprojectfedora
37
References
- https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9xExploitThird Party Advisory
- https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275PatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/
- https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9xExploitThird Party Advisory
- https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275PatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/