[Slackbuilds-users] qutebrowser 1.3.3 security update

David Woodfall dave at dawoodfall.net
Thu Jun 21 23:14:34 UTC 2018


Hi all,

I've just submitted my first update because of a security issue.

Details:

"An XSS vulnerability on the qute://history page allowed websites to inject
HTML into the page via a crafted title tag. This could allow them to steal
your browsing history. If you're currently unable to upgrade, avoid using
:history. A CVE request for this issue is pending, see #4011 for updates."

https://github.com/qutebrowser/qutebrowser/issues/4011

Until this is available, please avoid using the :history (or qute://history) command.

Related:

https://github.com/qutebrowser/qutebrowser/issues/4012

I'll post any updates here.

Thanks all,

-Dave

--

The good thing about standards is that there are so many to choose from.
  -- Andrew S. Tanenbaum

                                                            .--.  oo
                                                           (____)//
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'


More information about the SlackBuilds-users mailing list