PT-2010-4724 · Gnome+1 · Epiphany+2

Sam Morris

Publicado

2010-10-12

Atualizado

2011-02-17

CVE-2010-3312

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Epiphany versions 2.28 through 2.29

Description The issue allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate, as Epiphany unconditionally displays a closed-lock icon for any URL beginning with the https: substring without warning the user.

Recommendations For Epiphany versions 2.28 through 2.29, consider disabling the use of WebKit and LibSoup until a patch is available to prevent the unconditional display of the closed-lock icon for https URLs.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-3312

Produtos afetados

Epiphany

Libsoup

Webkit

PT-2010-4724 · Gnome+1 · Epiphany+2

CVE-2010-3312

Identificadores relacionados

Produtos afetados

Referências · 19