[Slackbuilds-users] qutebrowser 1.3.3 security update
David Woodfall
dave at dawoodfall.net
Fri Jun 22 04:58:09 UTC 2018
On Friday 22 June 2018 00:14,
Dave Woodfall <dave at dawoodfall.net> put forth the proposition:
> Hi all,
>
> I've just submitted my first update because of a security issue.
>
> Details:
>
> "An XSS vulnerability on the qute://history page allowed websites to inject
> HTML into the page via a crafted title tag. This could allow them to steal
> your browsing history. If you're currently unable to upgrade, avoid using
> :history. A CVE request for this issue is pending, see #4011 for updates."
>
> https://github.com/qutebrowser/qutebrowser/issues/4011
>
> Until this is available, please avoid using the :history (or qute://history) command.
>
> Related:
>
> https://github.com/qutebrowser/qutebrowser/issues/4012
>
> I'll post any updates here.
Not an update as such, but I've written a doc on how to install
qutebrowser in a virtual environment using pip and tox. It'll be
using the latest code patched for that issue, and it's a good way to
see what the latest version can do. It should keep you safe until the
next updates are available.
http://dawoodfall.net/slackbuilds/14.2/qutebrowser/
-Dave
--
Anyone who thinks UNIX is intuitive should be forced to write 5000 lines of
code using nothing but vi or emacs. AAAAACK!
-- Discussion on the intuitiveness of commands, especially Emacs
.--. oo
(____)//
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
More information about the SlackBuilds-users
mailing list