An untrusted search path vulnerability in Epiphany might result in the execution of arbitrary code.
Package | www-client/epiphany on all architectures |
---|---|
Affected versions | < 2.22.3-r2 |
Unaffected versions | >= 2.22.3-r2 |
Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko.
James Vega reported an untrusted search path vulnerability in the Python interface.
A local attacker could entice a user to run Epiphany from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running Epiphany.
Do not run "epiphany" from untrusted working directories.
All Epiphany users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/epiphany-2.22.3-r2"
Release date
March 09, 2009
Latest revision
March 09, 2009: 01
Severity
normal
Exploitable
local
Bugzilla entries