rnhmjoj/qutebrowser
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

doc: link CVE [ci skip]

Browse Source
This commit is contained in:
Daniel Hahler 2019-01-16 02:49:30 +01:00
parent 9645b2ed0d
commit 7f518d0ce6
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/changelog.asciidoc
View File

@ -362,11 +362,11 @@ v1.3.3
Security
~~~~~~~~
- An XSS vulnerability on the `qute://history` page allowed websites to inject
HTML into the page via a crafted title tag. This could allow them to steal
your browsing history. If you're currently unable to upgrade, avoid using
`:history`. A CVE request for this issue is pending, see
https://github.com/qutebrowser/qutebrowser/issues/4011[#4011] for updates.
- CVE-2018-1000559: An XSS vulnerability on the `qute://history` page allowed
websites to inject HTML into the page via a crafted title tag. This could
allow them to steal your browsing history. If you're currently unable to
upgrade, avoid using `:history`. See the related GitHub issue for details:
https://github.com/qutebrowser/qutebrowser/issues/4011.
Fixed
~~~~~