rnhmjoj/qutebrowser
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #4528 from blueyed/doc

Browse Source 
doc: link CVE  [ci skip]
This commit is contained in:
Florian Bruhin 2019-02-17 15:27:18 +01:00 committed by GitHub
commit e9908c1d0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/changelog.asciidoc
View File

@ -383,11 +383,11 @@ v1.3.3
Security
~~~~~~~~
- An XSS vulnerability on the `qute://history` page allowed websites to inject
HTML into the page via a crafted title tag. This could allow them to steal
your browsing history. If you're currently unable to upgrade, avoid using
`:history`. A CVE request for this issue is pending, see
https://github.com/qutebrowser/qutebrowser/issues/4011[#4011] for updates.
- CVE-2018-1000559: An XSS vulnerability on the `qute://history` page allowed
websites to inject HTML into the page via a crafted title tag. This could
allow them to steal your browsing history. If you're currently unable to
upgrade, avoid using `:history`. See the related GitHub issue for details:
https://github.com/qutebrowser/qutebrowser/issues/4011.
Fixed
~~~~~