qutebrowser

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A keyboard-driven, vim-like browser based on PyQt5
Version 1.8.3-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-735 1.4.0-1 1.4.1-1 Critical Fixed
AVG-724 1.3.2-1 1.3.3-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2018-1000559 AVG-724 Medium Yes Cross-site scripting
qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack...
CVE-2018-10895 AVG-735 Critical Yes Arbitrary code execution
Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like...

Advisories

Date Advisory Group Severity Description
11 Jul 2018 ASA-201807-3 AVG-735 Critical arbitrary code execution
26 Jun 2018 ASA-201806-13 AVG-724 Medium cross-site scripting