qutebrowser -- Remote code execution due to CSRF

ID BD6CF187-8710-11E8-833D-18A6F7016652
Type freebsd
Reporter FreeBSD
Modified 2018-07-11T00:00:00


qutebrowser team reports:

Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code.