[CVE] Remote code execution due to CSRF on the qute://settings page
Bug #1782456 reported by
Simon Quigley
This bug report is a duplicate of:
Bug #1781295: CVE-2018-10895: Possible remote code execution via CSRF in qute://settings .
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| qutebrowser (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Bionic |
In Progress
|
Medium
|
Simon Quigley | ||
Bug Description
https:/
Due to a CSRF vulnerability affecting the qute://settings page, it was
possible for websites to modify qutebrowser settings. Via settings like
editor.command, this possibly allowed websites to execute arbitrary code.
This issue has been assigned CVE-2018-10895.
| Changed in qutebrowser (Ubuntu Bionic): | |
| importance: | Undecided → Medium |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in qutebrowser (Ubuntu): | |
| status: | New → Fix Released |
| Changed in qutebrowser (Ubuntu Bionic): | |
| status: | New → In Progress |
| Changed in qutebrowser (Ubuntu): | |
| importance: | Undecided → Medium |
To post a comment you must log in.
