CVE-2018-11396

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

Published : 2018-05-23 13:29 Updated : 2019-10-16 12:15

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Gnome Epiphany 3.28.2.1 cpe:/a:gnome:epiphany:3.28.2.1
  1. Gnome (1) Search CVE
    1. Epiphany (1) Search CVE
      1. 3.28.2.1

CWE

ID Name Description Links
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. CVE

History of changes

Date Event
2019-10-16 12:15
2018-06-22 13:47
2018-05-23 13:29

New CVE