July 11th, 2018

qutebrowser development blog: CVE-2018-10895: Remote code execution due to CSRF in qutebrowser

Python, by admin.

Description

Due to a CSRF vulnerability affecting the qute://settings page, it was
possible for websites to modify qutebrowser settings. Via settings like
editor.command, this possibly allowed websites to execute arbitrary code.

This issue has been assigned CVE-2018-10895.

Affected versions

The issue was introduced in v1.0.0, as …

Back Top

Comments are closed.