Lynx web browser vulnerability
Incidents.org is reporting on an advisory for users of lynx. For those of you that don’t know lynx, it is a text based web browser used in text only terminal environments. I’ve used lynx from time to time to see what websites look like to a text only reader to help design towards better accessibility. Anyway, the three of you using it to browse the web with need to upgrade… (please, it’s a joke…)
The vulnerability is described at idefense.com. It appears that a new development version of lynx has been released which fixes the problem. (Development version 2.8.6dev.15)
The problem is found in 2.8.5 and earlier versions of lynx. A workaround is suggested as follows.
Disable “lynxcgi” links by specifying the following directive in
lynx.cfg:TRUSTED_LYNXCGI:none
Joke above aside, lynx can be a useful, quick browser. I’ve used it many times in a script that evaluates content on a web page. (Say, testing to see if a page has the expected text on it.)
(Maybe next time I’ll get into the vi/emacs holy wars….)