{ "schema_version": "1.4.0", "id": "GHSA-mwx6-jr67-8329", "modified": "2022-05-17T05:43:23Z", "published": "2022-05-17T05:43:23Z", "aliases": [ "CVE-2010-3312" ], "details": "Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3312" }, { "type": "WEB", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=600663" }, { "type": "WEB", "url": "http://blog.fefe.de/?ts=b26ca29d" }, { "type": "WEB", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564690" }, { "type": "WEB", "url": "http://bugzilla-attachments.gnome.org/attachment.cgi?id=154330" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/43068" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2010/09/17/10" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2010/09/17/12" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2010/09/17/13" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2010/09/17/5" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2010/09/17/6" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2010/09/20/2" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2010/09/21/5" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2011/0212" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2010-10-14T05:58:00Z" } }