[CVE] Remote code execution due to CSRF on the qute://settings page
Bug #1782456 reported by Simon Quigley
This bug report is a duplicate of:
Bug #1781295: CVE-2018-10895: Possible remote code execution via CSRF in qute://settings.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
qutebrowser (Ubuntu) | Fix Released | Medium | Unassigned |
Bionic | In Progress | Medium | Simon Quigley |
Bug Description
https:/
Due to a CSRF vulnerability affecting the qute://settings page, it was
possible for websites to modify qutebrowser settings. Via settings like
editor.command, this possibly allowed websites to execute arbitrary code.
This issue has been assigned CVE-2018-10895.
Changed in qutebrowser (Ubuntu Bionic):
importance: Undecided → Medium
assignee: nobody → Simon Quigley (tsimonq2)
Changed in qutebrowser (Ubuntu):
status: New → Fix Released
Changed in qutebrowser (Ubuntu Bionic):
status: New → In Progress
Changed in qutebrowser (Ubuntu):
importance: Undecided → Medium