CVE-2018-11396
HIGHGNOME Web < 3.28.2.1 - Denial of Service via NULL URL Access
Title source: llmDescription
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=795740
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00043.html
Scores
CVSS v3
7.5
EPSS
0.0069
EPSS Percentile
71.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (1)
gnome/epiphany
< 3.28.2.1
Published
May 23, 2018
Tracked Since
Feb 18, 2026