Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-45086

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.

Related bugs and status

CVE-2021-45086 (Candidate) is related to these bugs:

Bug #1955362: epiphany December 2021 XSS issues

		In	Importance	Status
1955362	epiphany December 2021 XSS issues	epiphany-browser (Ubuntu)	Undecided	Fix Released
1955362	epiphany December 2021 XSS issues	epiphany-browser (Ubuntu Focal)	Undecided	Fix Released
1955362	epiphany December 2021 XSS issues	epiphany-browser (Ubuntu Impish)	Undecided	Won't Fix

Bug #1969851: CVE-2022-29536 epiphany

		In	Importance	Status
1969851	CVE-2022-29536 epiphany	epiphany-browser (Ubuntu)	Undecided	Fix Released
1969851	CVE-2022-29536 epiphany	epiphany-browser (Ubuntu Focal)	Undecided	Fix Released
1969851	CVE-2022-29536 epiphany	epiphany-browser (Ubuntu Jammy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://gitlab.gnome.o...
MISC: https://gitlab.gnome.o...
DEBIAN: DSA-5042