CVE-2017-1000025

Name of the Vulnerable Software and Affected Versions GNOME Web (Epiphany) versions 3.23 before 3.23.5 GNOME Web (Epiphany) versions 3.22 before 3.22.6 GNOME Web (Epiphany) versions 3.20 before 3.20.7 GNOME Web (Epiphany) versions 3.18 before 3.18.11 GNOME Web (Epiphany) versions prior to 3.18

Description The issue allows for a password manager sweep attack, resulting in the remote exfiltration of stored passwords for a selected set of websites.

Recommendations For versions 3.23 before 3.23.5, update to version 3.23.5 or later. For versions 3.22 before 3.22.6, update to version 3.22.6 or later. For versions 3.20 before 3.20.7, update to version 3.20.7 or later. For versions 3.18 before 3.18.11, update to version 3.18.11 or later. For versions prior to 3.18, update to version 3.18 or later.