100 matches found
Code injection
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...
UBUNTU-CVE-2020-11054
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...
PYSEC-2020-97
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...
CVE-2020-11054 Incorrect Provision of Specified Functionality in qutebrowser
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...
CVE-2020-11054
This CVE affects qutebrowser prior to version 1.11.1. The issue is a UI/color-state bug: after a user overrides a certificate error, the status bar can briefly show green where yellow is appropriate, and on reloading the affected site the URL again shows green instead of reflecting the warning. T...
CVE-2020-11054
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...
[ASA-202005-5] qutebrowser: certificate verification bypass
Arch Linux Security Advisory ASA-202005-5 ========================================= Severity: Low Date : 2020-05-07 CVE-ID : CVE-2020-11054 Package : qutebrowser Type : certificate verification bypass Remote : Yes Link : https://security.archlinux.org/AVG-1152 Summary ======= The package...
qutebrowser -- Reloading page with certificate errors shows a green URL
Qutebrowser developers report: After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green colors.statusbar.url.successhttps...
openSUSE Security Update : qutebrowser (openSUSE-2019-545)
This update for qutebrowser fixes the following issues : Security issue fixed : - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Fedora 28 : qutebrowser (2018-61dbd4a787)
This update fix CVE-2018-10895 0 and a few minor bugs. 0 : Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like editor.command, this possibly allowed websites to execute arbitrary code. ---- This version fix...
Fedora 28 : qutebrowser (2018-5c8854a808)
This update fixes an XSS vulnerability on the qute://history page :history. The vulnerability allowed websites to inject HTML into the page via a crafted title tag. This could allow them to steal your browsing history. It also ships some minor fixes not worth mentioning. ---- Add a few minor...
openSUSE: Security Advisory for qutebrowser (openSUSE-SU-2018:2120-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-WGMX-52PH-QQCW Qutebrowser CSRF Vulnerability
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access qute:// URLs. A malicious website could exploit this to load a qute://settings/set URL, which then sets editor.command to a bash script, resulting in arbitrary code execution...
Qutebrowser CSRF Vulnerability
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access qute:// URLs. A malicious website could exploit this to load a qute://settings/set URL, which then sets editor.command to a bash script, resulting in arbitrary code execution...
GHSA-M4FW-77V7-924M Qutebrowser XSS Vulnerability
qutebrowser version introduced in v0.11.0 1179ee7a937fb31414d77d9970bac21095358449 contains a Cross Site Scripting XSS vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be...
Qutebrowser XSS Vulnerability
qutebrowser version introduced in v0.11.0 1179ee7a937fb31414d77d9970bac21095358449 contains a Cross Site Scripting XSS vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be...
openSUSE Security Update : qutebrowser (openSUSE-2018-774)
This update for qutebrowser fixes the following issues : Security issue fixed : - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
openSUSE Security Update : qutebrowser (openSUSE-2018-775)
This update for qutebrowser fixes the following issues : Security issue fixed : - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507. - CVE-2018-10895: Fix CSRF issue on the qute://settings page boo1100968. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
openSUSE: Security Advisory for qutebrowser (openSUSE-SU-2018:2130-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for qutebrowser (moderate)
This update for qutebrowser fixes the following issues: Security issue fixed: - CVE-2018-1000559: Fix an XSS issue on qute://history boo1101507...