{"id":"CVE-2018-11396","details":"ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.","modified":"2026-03-14T09:26:02.790838Z","published":"2018-05-23T13:29:00.373Z","related":["openSUSE-SU-2019:2318-1","openSUSE-SU-2024:10739-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00043.html"},{"type":"REPORT","url":"https://bugzilla.gnome.org/show_bug.cgi?id=795740"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/epiphany","events":[{"introduced":"0"},{"last_affected":"b9694438e6d6fd5c0ac35c8bcb4bd95b89d74be0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.28.2.1"}]}}],"versions":["2.27.4","2.27.5","2.27.90","2.27.91","2.27.92","2.29.1","2.29.3","2.29.5","2.29.6","2.29.90","2.29.91","2.29.92","2.30","2.30.1","2.30.2","2.31.2","2.31.4","2.31.5","2.91.1","2.91.1.1","2.91.2","2.91.3","2.91.4","2.91.4.1","2.91.5","2.91.6","2.91.90","2.91.91","2.91.91.1","2.91.92","3.0.0","3.1.2","3.1.5","3.1.90","3.1.91","3.1.91.1","3.1.92","3.10.0","3.10.1","3.11.1","3.11.2","3.11.3","3.11.4","3.11.90","3.11.91","3.11.92","3.12.0","3.12.1","3.13.90","3.13.91","3.14.0","3.14.1","3.15.1","3.15.90","3.15.92","3.16.0","3.16.1","3.17.1","3.17.2","3.17.91","3.18.0","3.19.1","3.19.90","3.19.91","3.19.92","3.2.0","3.20.0","3.21.1","3.21.2","3.21.3","3.21.4","3.23.1","3.23.1.1","3.23.1.2","3.23.2","3.23.2.1","3.23.3","3.23.4","3.23.5","3.23.90","3.23.91","3.23.91.1","3.23.92","3.23.93","3.24.0","3.24.1","3.25.1","3.25.2","3.25.3","3.25.4","3.25.90","3.25.91","3.25.92","3.26.0","3.27.1","3.27.2","3.27.3","3.27.4","3.27.90","3.27.92","3.28.0.1","3.28.1","3.28.1.1","3.28.2","3.28.2.1","3.3.1","3.3.2","3.3.3","3.3.4","3.3.4.1","3.3.5","3.3.90","3.3.91","3.3.92","3.5.1","3.5.3","3.5.4","3.5.5","3.5.90","3.5.91.1","3.5.92","3.6.0","3.7.1","3.7.3","3.7.5","3.7.90","3.7.91","3.7.92","3.9.2","3.9.3","3.9.90","3.9.91","BEFORE_HARVES18","GNOME_2_10_ANCHOR","GNOME_2_12_BRANCHPOINT","GNOME_2_14_BRANCHPOINT","GNOME_2_16_BRANCHPOINT","GNOME_2_18_BRANCHPOINT","GTK_ENGINES_2_6_0","INITIAL","PRE_GNOME_2_14_BRANCHPOINT","RELEASE_2_14_0","RELEASE_2_15_1","RELEASE_2_15_2","RELEASE_2_15_3","RELEASE_2_15_4","RELEASE_2_15_92","RELEASE_2_16_0","RELEASE_2_17_2","RELEASE_2_17_3","RELEASE_2_17_4","RELEASE_2_17_5","RELEASE_2_17_90","RELEASE_2_17_91","RELEASE_2_17_92","RELEASE_2_18_0","RELEASE_2_19_2","RELEASE_2_19_5","RELEASE_2_19_6","RELEASE_2_19_90","RELEASE_2_21_4","RELEASE_2_21_5","RELEASE_2_21_90","RELEASE_2_21_92","RELEASE_2_23_91","RELEASE_2_5_91","Release070","Release072","Release073","Release081","Release082","Release083","Release090","Release091","Release092","Release110","Release111","Release1110","Release1111","Release1112","Release112","Release113","Release115","Release117","Release119","Release120","Release130","Release131","Release132","Release133","Release134","Release135","Release136","Release137","Release138","Release151","Release152","Release153","Release154","Release155","Release156","Release157","Release158","Release160","Release171","Release172","Release173","Release174","Release175","Release176","Release191","Release192","Release193","Release1931","Release194","Release195","Release1951","Release196","Release198","Release1999","WEBCORE_BRANCHPOINT","WEBKIT_BRANCHPOINT","XULRUNNER_BRANCHPOINT","actual-2.29.6","gnome-2-8-branchpoint","help","pre-gnome-2-10-branchpoint"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11396.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}