(CVE-2018-8383/CVE-2019-6251) Address bar spoofing
Product affected: Epiphany 22.214.171.124
Tested on: Fedora-Workstation-x86_64-28-1.1
Steps to reproduce
- Open epiphany
- Navigate to spoof.html
- The address bar spoof
Marking this as confidential, because an attacker can use such crafted JS to retrieve sensitive details from the end user.Request team to have a look and validate.