Safety vulnerability ID: 38266
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Qutebrowser 1.11.1 includes a fix for CVE-2020-11054: After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (`colors.statusbar.url.warn.fg`). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (`colors.statusbar.url.success_https`). While the user has already seen a certificate error prompt at this point (or has set `content.ssl_strict` to `false`, which is not recommended), this could still provide a false sense of security.
Latest version: 3.4.0
A keyboard-driven, vim-like browser based on Python and Qt.
Security
- **CVE-2020-11054**: After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (`colors.statusbar.url.warn.fg`). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (`colors.statusbar.url.success_https`). While the user has already seen a certificate error prompt at this point (or has set `content.ssl_strict` to `false`, which is not recommended), this could still provide a false sense of security. This is now fixed.
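
The failure mode described above, as an added example that is not qutebrowser's code: a simplified model which assumes the TLS backend stops reporting a certificate error once the user has accepted it for a host, so an error flag kept only per load comes back clean on reload. `Tab`, `indicator_history` and the hostnames are hypothetical.

```python
# Simplified model of the indicator bug; constructed for illustration,
# not qutebrowser's code.
from urllib.parse import urlsplit

WARN = "colors.statusbar.url.warn.fg"           # yellow
SUCCESS = "colors.statusbar.url.success_https"  # green


class Tab:
    """One tab in front of a TLS backend that remembers accepted overrides.

    Assumption: after the user accepts a certificate error for a host, the
    backend stops reporting that error on later loads of the same host.
    """

    def __init__(self, bad_cert_hosts, remember_overrides):
        self.bad_cert_hosts = set(bad_cert_hosts)
        self.remember_overrides = remember_overrides  # True = corrected logic
        self._backend_accepted = set()  # backend no longer prompts for these
        self._overridden_hosts = set()  # indicator must keep flagging these

    def load(self, url, user_accepts=True):
        """Load an https URL; return the colour setting for the status bar,
        or None if the user rejected the certificate and the load stopped."""
        host = urlsplit(url).hostname
        has_cert_error = False  # per-load flag, reset on every load
        if host in self.bad_cert_hosts and host not in self._backend_accepted:
            if not user_accepts:
                return None
            self._backend_accepted.add(host)
            self._overridden_hosts.add(host)
            has_cert_error = True
        # Corrected logic: an earlier override keeps the host in "warn" state
        # even though the backend reported nothing for this load.
        if self.remember_overrides and host in self._overridden_hosts:
            has_cert_error = True
        return WARN if has_cert_error else SUCCESS


def indicator_history(remember_overrides):
    """Load a bad-cert host twice, then a clean host (constructed hostnames)."""
    tab = Tab({"expired.example"}, remember_overrides)
    urls = ["https://expired.example/", "https://expired.example/login",
            "https://ok.example/"]
    return [tab.load(u) for u in urls]


if __name__ == "__main__":
    print("flag per load only:", indicator_history(False))
    print("override remembered:", indicator_history(True))
```

With the per-load flag alone, the second load of the overridden host reports the green setting; remembering the override per host keeps it yellow without affecting the clean host.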