CVE-2017-1000025

NameCVE-2017-1000025
DescriptionGNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
epiphany-browser (PTS)jessie3.14.1-1vulnerable
stretch3.22.7-1fixed
buster3.32.1.2-3~deb10u1fixed
buster (security)3.32.1.2-3~deb10u2fixed
bullseye (security), bullseye3.38.2-1+deb11u3fixed
bookworm, sid43.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
epiphany-browsersource(unstable)3.22.6-1unimportant

Notes

webkit not covered by security support
Search for package or bug name: Reporting problems