PT-2010-4724 · Gnome+1 · Epiphany+2

Sam Morris · Published 2010-10-12 · Updated 2011-02-17 · CVE-2010-3312

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Epiphany versions 2.28 through 2.29

Description

The issue allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate, as Epiphany unconditionally displays a closed-lock icon for any URL beginning with the https: substring without warning the user.

Recommendations

For Epiphany versions 2.28 through 2.29, consider disabling the use of WebKit and LibSoup until a patch is available to prevent the unconditional display of the closed-lock icon for https URLs.

Fix


Related Identifiers

CVE-2010-3312

Affected Products

Epiphany
Libsoup
Webkit