qutebrowser

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A keyboard-driven, vim-like browser based on PyQt5
Version	2.5.0-1 [community]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2491	2.3.1-1		High	Not affected
AVG-1152	1.11.0-1	1.11.1-1	Low	Fixed
AVG-735	1.4.0-1	1.4.1-1	Critical	Fixed
AVG-724	1.3.2-1	1.3.3-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-41146	AVG-2491	High	Yes	Arbitrary code execution	Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers it as a handler for certain URL schemes. With some applications such as...
CVE-2020-11054	AVG-1152	Low	Yes	Certificate verification bypass	In qutebrowser before version 1.11.1 there is an issue where after a certificate error was overridden by the user, qutebrowser displays the URL as yellow...
CVE-2018-1000559	AVG-724	Medium	Yes	Cross-site scripting	qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack...
CVE-2018-10895	AVG-735	Critical	Yes	Arbitrary code execution	Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like...

Advisories

Date	Advisory	Group	Severity	Type
07 May 2020	ASA-202005-5	AVG-1152	Low	certificate verification bypass
11 Jul 2018	ASA-201807-3	AVG-735	Critical	arbitrary code execution
26 Jun 2018	ASA-201806-13	AVG-724	Medium	cross-site scripting