QupZilla / qupzilla

Cross-platform Qt web browser
http://www.qupzilla.com
GNU General Public License v3.0

Is QupZilla patched for Meltdown and Spectre vulnerabilities? #2639

Closed ghost closed 6 years ago

ghost commented 6 years ago

A user recently posted about a Spectre vulnerability in a portable QupZilla packaged by a third party: https://github.com/QupZilla/qupzilla/issues/2638. I went and searched about Meltdown and Spectre; it seems desktop and laptop users are more vulnerable to this issue. This is what the link says:

browser-hosted Javascript is an important attack vector, with advisories and updates being issued for both Mozilla/Firefox and Chrome browsers.

Is QupZilla vulnerable to these attacks, and if yes, is there a patch available?

NickLion commented 6 years ago

  1. My QupZilla built from git in OBS without special patches is not vulnerable.
  2. The final release of QupZilla was out about a month ago. There won't be any new QupZilla releases. 2.2.6 is final. QupZilla is over, move to Falkon now. Anyway, both of them aren't vulnerable according to that site.

nowrep commented 6 years ago

QtWebEngine 5.9.4 and 5.10.1 are not vulnerable.