ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) up to and including 3.28.2.1 allows remote malicious users to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnome epiphany |