[Slackbuilds-users] qutebrowser 1.3.3 security update
David Woodfall
dave at dawoodfall.net
Thu Jun 21 23:14:34 UTC 2018
Hi all,
I've just submitted my first update because of a security issue.
Details:
"An XSS vulnerability on the qute://history page allowed websites to inject
HTML into the page via a crafted title tag. This could allow them to steal
your browsing history. If you're currently unable to upgrade, avoid using
:history. A CVE request for this issue is pending, see #4011 for updates."
https://github.com/qutebrowser/qutebrowser/issues/4011
Until this is available, please avoid using the :history (or qute://history) command.
Related:
https://github.com/qutebrowser/qutebrowser/issues/4012
I'll post any updates here.
Thanks all,
-Dave
--
The good thing about standards is that there are so many to choose from.
-- Andrew S. Tanenbaum
.--. oo
(____)//
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
More information about the SlackBuilds-users
mailing list