[Slackbuilds-users] qutebrowser 1.3.3 security update

David Woodfall dave at dawoodfall.net
Fri Jun 22 04:58:09 UTC 2018

On Friday 22 June 2018 00:14,
Dave Woodfall <dave at dawoodfall.net> put forth the proposition:
> Hi all,
> I've just submitted my first update because of a security issue.
> Details:
> "An XSS vulnerability on the qute://history page allowed websites to inject
> HTML into the page via a crafted title tag. This could allow them to steal
> your browsing history. If you're currently unable to upgrade, avoid using
> :history. A CVE request for this issue is pending, see #4011 for updates."
> https://github.com/qutebrowser/qutebrowser/issues/4011
> Until this is available, please avoid using the :history (or qute://history) command.
> Related:
> https://github.com/qutebrowser/qutebrowser/issues/4012
> I'll post any updates here.

Not an update as such, but I've written a doc on how to install
qutebrowser in a virtual environment using pip and tox. It'll be
using the latest code patched for that issue, and it's a good way to
see what the latest version can do. It should keep you safe until the
next updates are available.




Anyone who thinks UNIX is intuitive should be forced to write 5000 lines of
code using nothing but vi or emacs.  AAAAACK!
  -- Discussion on the intuitiveness of commands, especially Emacs

                                                            .--.  oo

More information about the SlackBuilds-users mailing list