This update fix CVE-2018-10895  and a few minor bugs.
 : Due to a CSRF vulnerability affecting the
qute://settings page, it was
possible for websites to modify qutebrowser settings. Via settings like
editor.command, this possibly allowed websites to execute arbitrary code.
This version fix compatibility issues with qtwebengine 5.11.x, add support for page printing, tab muting, third-party cookie blocking and has the web inspector "enabled" (does not require
--enable-webengine-inspector) by default. It also ships a few bugfixes and changes.
|submitted||2 months ago|
|in testing||2 months ago|
|in stable||2 months ago|
|modified||2 months ago|
|0||0||#1600289 CVE-2018-10895 qutebrowser: Cross-site request forgery flaw allows sites to access 'qute://*' URLs and execute arbitrary code [fedora-all]|