Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2010-10-12T21:00:00
Updated: 2024-08-07T03:03:18.997Z
Reserved: 2010-09-13T00:00:00
Link: CVE-2010-3312
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-10-14T05:58:13.037
Modified: 2024-11-21T01:18:29.397
Link: CVE-2010-3312
Redhat
No data.