Gentoo Linux Security Advisory 201210-1 - An error in the hostname matching of w3m might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 0.5.2-r4 are affected.
ec83e2e268401a50c47c37d02fb9e72083b016e35c6a66f3ebfcb5d22ca10477
Ubuntu Security Notice 967-1 - Ludwig Nussel discovered w3m does not properly handle SSL/TLS certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
836db4c204e2c165e1f69ef1041ef48cc7bed2f359f013e82151096ec8b4f1e7