{"id":"UBUNTU-CVE-2017-1000025","details":"GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.","modified":"2026-05-20T16:03:15.494734575Z","published":"2017-07-17T13:18:00Z","upstream":["CVE-2017-1000025"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-1000025"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2017/05/22"},{"type":"REPORT","url":"https://bugzilla.gnome.org/show_bug.cgi?id=752738"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-1000025"}],"affected":[{"package":{"name":"epiphany","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/epiphany?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.0+0-3build1"],"ecosystem_specific":{"binaries":[{"binary_name":"epiphany","binary_version":"0.7.0+0-3build1"},{"binary_name":"epiphany-data","binary_version":"0.7.0+0-3build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000025.json"}},{"package":{"name":"epiphany-browser","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/epiphany-browser?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.16.3-1ubuntu1","3.18.0-1ubuntu2","3.18.1-1ubuntu1","3.18.3-0ubuntu1","3.18.5-0ubuntu1","3.18.5-0ubuntu1.1","3.18.10-0ubuntu1","3.18.11-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"epiphany-browser","binary_version":"3.18.11-0ubuntu1"},{"binary_name":"epiphany-browser-data","binary_version":"3.18.11-0ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000025.json"}},{"package":{"name":"epiphany","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/epiphany?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.0+0-3build1"],"ecosystem_specific":{"binaries":[{"binary_name":"epiphany","binary_version":"0.7.0+0-3build1"},{"binary_name":"epiphany-data","binary_version":"0.7.0+0-3build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000025.json"}},{"package":{"name":"epiphany","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/epiphany?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.0+0-5","0.7.0+0-6","0.7.0+0-6build1"],"ecosystem_specific":{"binaries":[{"binary_name":"epiphany","binary_version":"0.7.0+0-6build1"},{"binary_name":"epiphany-data","binary_version":"0.7.0+0-6build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000025.json"}},{"package":{"name":"epiphany","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/epiphany?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.0+0-6build1","0.7.0+0-7"],"ecosystem_specific":{"binaries":[{"binary_name":"epiphany","binary_version":"0.7.0+0-7"},{"binary_name":"epiphany-data","binary_version":"0.7.0+0-7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000025.json"}},{"package":{"name":"epiphany","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/epiphany?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.0+0-7"],"ecosystem_specific":{"binaries":[{"binary_name":"epiphany","binary_version":"0.7.0+0-7"},{"binary_name":"epiphany-data","binary_version":"0.7.0+0-7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000025.json"}},{"package":{"name":"epiphany","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/epiphany?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.0+0-7"],"ecosystem_specific":{"binaries":[{"binary_name":"epiphany","binary_version":"0.7.0+0-7"},{"binary_name":"epiphany-data","binary_version":"0.7.0+0-7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000025.json"}},{"package":{"name":"epiphany","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/epiphany?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.0+0-7","0.7.0+0-8"],"ecosystem_specific":{"binaries":[{"binary_name":"epiphany","binary_version":"0.7.0+0-8"},{"binary_name":"epiphany-data","binary_version":"0.7.0+0-8"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000025.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}