CVE-2010-3312 — Epiphany vulnerability
8 documents, 6 sources
Severity
5.8 MEDIUM (NVD)
EPSS
0.5%
top 32.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 14
Latest update: May 17
Description
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
CVSS vector
AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9
Affected Packages: 1 package
Vulnerability Details (3)
Vendor Advisories (1)
Debian
CVE-2010-3312: epiphany-browser - Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displa... (2010)
Community (3)
Bugzilla
CVE-2010-3900 Midori: When used with WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 does not verify X.509 certificates (2010-10-15)