CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko.
James Vega reported an untrusted search path vulnerability in the Python interface.
A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running Epiphany.
Do not run βepiphanyβ from untrusted working directories.
All Epiphany users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/epiphany-2.22.3-r2"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-client/epiphany | <Β 2.22.3-r2 | UNKNOWN |