qutebrowser
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A keyboard-driven, vim-like browser based on PyQt5 |
| Version | 1.13.1-1 [community] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1152 | 1.11.0-1 | 1.11.1-1 | Low | Fixed | |
| AVG-735 | 1.4.0-1 | 1.4.1-1 | Critical | Fixed | |
| AVG-724 | 1.3.2-1 | 1.3.3-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-11054 | AVG-1152 | Low | Yes | Certificate verification bypass | In qutebrowser before version 1.11.1 there is an issue where after a certificate error was overridden by the user, qutebrowser displays the URL as yellow... |
| CVE-2018-1000559 | AVG-724 | Medium | Yes | Cross-site scripting | qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack... |
| CVE-2018-10895 | AVG-735 | Critical | Yes | Arbitrary code execution | Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 07 May 2020 | ASA-202005-5 | AVG-1152 | Low | certificate verification bypass |
| 11 Jul 2018 | ASA-201807-3 | AVG-735 | Critical | arbitrary code execution |
| 26 Jun 2018 | ASA-201806-13 | AVG-724 | Medium | cross-site scripting |