qutebrowser
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A keyboard-driven, vim-like browser based on PyQt5 |
| Version | 1.6.0-1 [community] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-735 | 1.4.0-1 | 1.4.1-1 | Critical | Fixed | |
| AVG-724 | 1.3.2-1 | 1.3.3-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-10895 | AVG-735 | Critical | Yes | Arbitrary code execution | Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like... |
| CVE-2018-1000559 | AVG-724 | Medium | Yes | Cross-site scripting | qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 11 Jul 2018 | ASA-201807-3 | AVG-735 | Critical | arbitrary code execution |
| 26 Jun 2018 | ASA-201806-13 | AVG-724 | Medium | cross-site scripting |