Qutebrowser · Qutebrowser · CVE-2018-10895
**Name of the Vulnerable Software and Affected Versions**
qutebrowser versions prior to 1.4.1
**Description**
Malicious websites can access 'qute://*' URLs, which can lead to arbitrary code execution. A website achieves this by loading a 'qute://settings/set' URL that sets `editor.command` to a bash script.
**Recommendations**
Update any installation running a version prior to 1.4.1 to version 1.4.1 or later, which resolves the issue. As a temporary workaround, consider restricting access to 'qute://*' URLs so that malicious websites cannot exploit this flaw. Additionally, avoid using the `editor.command` setting to execute bash scripts until the issue is resolved.
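
The workaround above, restricting 'qute://*' URLs so that web content cannot load them, can be modelled as a check on which page initiated a request. This is an added example, not qutebrowser's own code or its actual fix; the function names, the tab-separated log format and the rule that an empty initiator means direct user navigation are assumptions.

```python
from urllib.parse import urlsplit

INTERNAL_SCHEME = "qute"  # internal scheme named in the advisory


def scheme_of(url: str) -> str:
    """Lower-cased scheme of a URL, ignoring surrounding whitespace."""
    return urlsplit(url.strip()).scheme.lower()


def is_request_allowed(initiator: str, requested: str) -> bool:
    """Hypothetical policy: only qute:// pages, or the user navigating
    directly (empty initiator), may load qute:// URLs."""
    if scheme_of(requested) != INTERNAL_SCHEME:
        return True  # ordinary web request, out of scope for this check
    if not initiator.strip():
        return True  # typed or bookmarked by the user, no page involved
    # Any other initiator (https:, http:, data:, file:, ...) is web content.
    return scheme_of(initiator) == INTERNAL_SCHEME


def audit(log_lines):
    """Return (line_no, initiator, requested) for each request the policy
    would refuse. Log format (assumed): initiator<TAB>requested."""
    refused = []
    for line_no, line in enumerate(log_lines, start=1):
        if not line.strip() or "\t" not in line:
            continue  # skip blank or malformed lines
        initiator, requested = line.rstrip("\n").split("\t", 1)
        if not is_request_allowed(initiator, requested):
            refused.append((line_no, initiator, requested.strip()))
    return refused


# Constructed sample log, not captured from a real browser.
SAMPLE_LOG = [
    "https://news.example/\thttps://cdn.example/app.js",
    "qute://settings\tqute://settings/set",
    "https://blog.example/post\tqute://settings/set",
    "\tqute://settings",
    "https://blog.example/post\tQUTE://settings/set",
    "data:text/html,x\tqute://settings/set",
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LOG):
        print("refused: line %d, %s -> %s" % hit)
```

The scheme comparison is case-insensitive and treats `data:` and other non-`qute` initiators as web content, so a mixed-case URL or an opaque-origin page does not slip past the check.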