CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41146 – Arbitrary command execution on Windows in qutebrowser
https://notcve.org/view.php?id=CVE-2021-41146
qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as `:spawn` or `:debug-pyeval`. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. • https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430 https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-641: Improper Restriction of Names for Files and Other Resources •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11054 – Incorrect Provision of Specified Functionality in qutebrowser
https://notcve.org/view.php?id=CVE-2020-11054
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. • https://bugs.kde.org/show_bug.cgi?id=420902 https://github.com/qutebrowser/qutebrowser/commit/021ab572a319ca3db5907a33a59774f502b3b975 https://github.com/qutebrowser/qutebrowser/commit/19f01bb42d02da539446a52a25bb0c1232b86327 https://github.com/qutebrowser/qutebrowser/commit/1b7946ed14b386a24db050f2d6dba81ba6518755 https://github.com/qutebrowser/qutebrowser/commit/2281a205c3e70ec20f35ec8fafecee0d5c4f3478 https://github.com/qutebrowser/qutebrowser/commit/4020210b193f77cf1785b21717f6ef7c5de5f0f8 https://github.com/qutebrowser/qutebrowser/commit/6821c236f9ae23adf21d46ce0d56768ac8d0c467 https:& • CWE-684: Incorrect Provision of Specified Functionality •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10895
https://notcve.org/view.php?id=CVE-2018-10895
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution. qutebrowser en versiones anteriores a la 1.4.1 es vulnerable a un error de Cross-Site Request Forgery (CSRF) que permite que los sitios web accedan a URL "qute://*". Un sitio web malicioso podría explotar esta vulnerabilidad para cargar una URL "qute://settings/set", que después asigna "editor.command" a un script bash. Esto resulta en la ejecución de código arbitrario. • http://www.openwall.com/lists/oss-security/2018/07/11/7 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10895 https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000559
https://notcve.org/view.php?id=CVE-2018-1000559
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week). La versión de qutebrowser introducida en v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contiene una vulnerabilidad Cross-Site Scripting (XSS) en el comando history en la página qute://history, que puede resultar en que una página web puede robar el historial de navegación del usuario mediante la inyección de código JavaScript. Este ataque parece ser explotable si la víctima abre una página con un atributo especialmente manipulado y luego abre el sitio qute://history mediante el comando :history. • https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7 https://github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f https://github.com/qutebrowser/qutebrowser/issues/4011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •