{"id":"CVE-2017-1000025","details":"GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.","modified":"2026-04-10T03:55:59.409694Z","published":"2017-07-17T13:18:16.703Z","references":[{"type":"ADVISORY","url":"https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/silver"},{"type":"REPORT","url":"https://bugzilla.gnome.org/show_bug.cgi?id=752738"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/epiphany","events":[{"introduced":"0"},{"last_affected":"39efde6540a6b24d804f9676e2f330a26d9f1baf"},{"introduced":"0"},{"last_affected":"5483823ae71fc5280e2fda9e85557362debb0c2e"},{"introduced":"0"},{"last_affected":"14750b7d130a761b9cff69177e6ae1064227637d"},{"introduced":"0"},{"last_affected":"43ca5e30a330b027c5cbc18466d5ec9c3e576a94"},{"introduced":"0"},{"last_affected":"621ad6c565bad6662a0f9a11a846593627df90a5"},{"introduced":"0"},{"last_affected":"59a3fb3de2a49d65e687abb00de8da9a1bebbfbe"},{"introduced":"0"},{"last_affected":"c7d1ac2d6a59a01906277e9c25d17fcf896aa22b"},{"introduced":"0"},{"last_affected":"8ea593d0a26679fcb1d94d25be9d0235a0a67668"},{"introduced":"0"},{"last_affected":"0859a1d33900e68853222a8f35b017d8bf1781a7"},{"introduced":"0"},{"last_affected":"ba06eeb6347675c9bf7bae4a581c0889d2fe1f1b"},{"introduced":"0"},{"last_affected":"36903a126863e58b2be96bb3c74e7ecfd2352105"},{"introduced":"0"},{"last_affected":"6d5e52792b4c7c9da24506ed316531c0addc7486"},{"introduced":"0"},{"last_affected":"49fa27a00e09745003e12219c080eb2b4e8f3f14"},{"introduced":"0"},{"last_affected":"2f10340ccfc62d7dad30484e6e1a806d60cbbbd0"},{"introduced":"0"},{"last_affected":"b40d4944216e6dc6db5bfdf6990b6e12940e7edc"},{"introduced":"0"},{"last_affected":"883f84cee9d762fd0326ef19e936e5bc12482487"},{"introduced":"0"},{"last_affected":"56380e62e0466f35a57c5d413af406c54262bfdc"},{"introduced":"0"},{"last_affected":"781cbe6fdf31372e8f3f6625c2d427ffa8f40452"},{"introduced":"0"},{"last_affected":"653eecbafc9095808ae3a770b554a46f37b93911"},{"introduced":"0"},{"last_affected":"88844931472ce68dd0b1d833c54b27b788f12a0c"},{"introduced":"0"},{"last_affected":"061956662d43c8f2e966228f2379e04004e86dd9"},{"introduced":"0"},{"last_affected":"08cb0932f1172fb9fc9f544006db4b6c2bb9d9b8"},{"introduced":"0"},{"last_affected":"516d6e584bf93569b13657f45c8fc8f2bc56b44f"},{"introduced":"0"},{"last_affected":"e580ac9a6946ce6932c482494d7317415d321721"},{"introduced":"0"},{"last_affected":"3a704432df66f19308ffadc9318a490294f43898"},{"introduced":"0"},{"last_affected":"83ab0312fb2063fb90f291171e65b03980d7d54a"},{"introduced":"0"},{"last_affected":"c894fd7d9d905f34a86439eb269e5743e596b14b"},{"introduced":"0"},{"last_affected":"3ddc361aff9bdb766cc98c17ae61bdafe0798b69"},{"introduced":"0"},{"last_affected":"55adee5c891d1b7c6d2c76f99bb94ed2c5734813"},{"introduced":"0"},{"last_affected":"1c5d952a8422cfc2862bc6385bab9f0caaca59e6"},{"introduced":"0"},{"last_affected":"acfe39787a2891d3411d3d665b625d2ce2cf94d2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.18.0"},{"introduced":"0"},{"last_affected":"3.18.1"},{"introduced":"0"},{"last_affected":"3.18.2"},{"introduced":"0"},{"last_affected":"3.18.3"},{"introduced":"0"},{"last_affected":"3.18.4"},{"introduced":"0"},{"last_affected":"3.18.5"},{"introduced":"0"},{"last_affected":"3.18.6"},{"introduced":"0"},{"last_affected":"3.18.7"},{"introduced":"0"},{"last_affected":"3.18.8"},{"introduced":"0"},{"last_affected":"3.18.9"},{"introduced":"0"},{"last_affected":"3.18.10"},{"introduced":"0"},{"last_affected":"3.20.0"},{"introduced":"0"},{"last_affected":"3.20.1"},{"introduced":"0"},{"last_affected":"3.20.2"},{"introduced":"0"},{"last_affected":"3.20.3"},{"introduced":"0"},{"last_affected":"3.20.4"},{"introduced":"0"},{"last_affected":"3.20.5"},{"introduced":"0"},{"last_affected":"3.20.6"},{"introduced":"0"},{"last_affected":"3.22.0"},{"introduced":"0"},{"last_affected":"3.22.1"},{"introduced":"0"},{"last_affected":"3.22.2"},{"introduced":"0"},{"last_affected":"3.22.3"},{"introduced":"0"},{"last_affected":"3.22.4"},{"introduced":"0"},{"last_affected":"3.22.5"},{"introduced":"0"},{"last_affected":"3.23.1"},{"introduced":"0"},{"last_affected":"3.23.1.1"},{"introduced":"0"},{"last_affected":"3.23.1.2"},{"introduced":"0"},{"last_affected":"3.23.2"},{"introduced":"0"},{"last_affected":"3.23.2.1"},{"introduced":"0"},{"last_affected":"3.23.3"},{"introduced":"0"},{"last_affected":"3.23.4"}]}}],"versions":["2.27.4","2.27.5","2.27.90","2.27.91","2.27.92","2.29.1","2.29.3","2.29.5","2.29.6","2.29.90","2.29.91","2.29.92","2.30","2.30.1","2.30.2","2.31.2","2.31.4","2.31.5","2.91.1","2.91.1.1","2.91.2","2.91.3","2.91.4","2.91.4.1","2.91.5","2.91.6","2.91.90","2.91.91","2.91.91.1","2.91.92","3.0.0","3.1.2","3.1.5","3.1.90","3.1.91","3.1.91.1","3.1.92","3.10.0","3.10.1","3.11.1","3.11.2","3.11.3","3.11.4","3.11.90","3.11.91","3.11.92","3.12.0","3.12.1","3.13.90","3.13.91","3.14.0","3.14.1","3.15.1","3.15.90","3.15.92","3.16.0","3.16.1","3.17.1","3.17.2","3.17.91","3.18.0","3.18.1","3.18.10","3.18.2","3.18.3","3.18.4","3.18.5","3.18.6","3.18.7","3.18.8","3.18.9","3.19.1","3.19.90","3.19.91","3.19.92","3.2.0","3.20.0","3.20.1","3.20.2","3.20.3","3.20.4","3.20.5","3.20.6","3.21.1","3.21.2","3.21.3","3.21.4","3.21.90","3.21.92","3.22.0","3.22.1","3.22.2","3.22.3","3.22.4","3.22.5","3.23.1","3.23.1.1","3.23.1.2","3.23.2","3.23.2.1","3.23.3","3.23.4","3.3.1","3.3.2","3.3.3","3.3.4","3.3.4.1","3.3.5","3.3.90","3.3.91","3.3.92","3.5.1","3.5.3","3.5.4","3.5.5","3.5.90","3.5.91.1","3.5.92","3.6.0","3.7.1","3.7.3","3.7.5","3.7.90","3.7.91","3.7.92","3.9.2","3.9.3","3.9.90","3.9.91","BEFORE_HARVES18","GNOME_2_10_ANCHOR","GNOME_2_12_BRANCHPOINT","GNOME_2_14_BRANCHPOINT","GNOME_2_16_BRANCHPOINT","GNOME_2_18_BRANCHPOINT","GTK_ENGINES_2_6_0","INITIAL","PRE_GNOME_2_14_BRANCHPOINT","RELEASE_2_14_0","RELEASE_2_15_1","RELEASE_2_15_2","RELEASE_2_15_3","RELEASE_2_15_4","RELEASE_2_15_92","RELEASE_2_16_0","RELEASE_2_17_2","RELEASE_2_17_3","RELEASE_2_17_4","RELEASE_2_17_5","RELEASE_2_17_90","RELEASE_2_17_91","RELEASE_2_17_92","RELEASE_2_18_0","RELEASE_2_19_2","RELEASE_2_19_5","RELEASE_2_19_6","RELEASE_2_19_90","RELEASE_2_21_4","RELEASE_2_21_5","RELEASE_2_21_90","RELEASE_2_21_92","RELEASE_2_23_91","RELEASE_2_5_91","Release070","Release072","Release073","Release081","Release082","Release083","Release090","Release091","Release092","Release110","Release111","Release1110","Release1111","Release1112","Release112","Release113","Release115","Release117","Release119","Release120","Release130","Release131","Release132","Release133","Release134","Release135","Release136","Release137","Release138","Release151","Release152","Release153","Release154","Release155","Release156","Release157","Release158","Release160","Release171","Release172","Release173","Release174","Release175","Release176","Release191","Release192","Release193","Release1931","Release194","Release195","Release1951","Release196","Release198","Release1999","WEBCORE_BRANCHPOINT","WEBKIT_BRANCHPOINT","XULRUNNER_BRANCHPOINT","actual-2.29.6","gnome-2-8-branchpoint","help","pre-gnome-2-10-branchpoint"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000025.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}