Lynx web browser vulnerability



Incidents.org is reporting on an advisory for users of lynx. For those of you that don’t know lynx, it is a text based web browser used in text only terminal environments. I’ve used lynx from time to time to see what websites look like to a text only reader to help design towards better accessibility. Anyway, the three of you using it to browse the web with need to upgrade… (please, it’s a joke…)

The vulnerability is described at idefense.com. It appears that a new development version of lynx has been released which fixes the problem. (Development version 2.8.6dev.15)


The problem is found in 2.8.5 and earlier versions of lynx. A workaround is suggested as follows.

Disable “lynxcgi” links by specifying the following directive in
lynx.cfg:

TRUSTED_LYNXCGI:none

Joke above aside, lynx can be a useful, quick browser. I’ve used it many times in a script that evaluates content on a web page. (Say, testing to see if a page has the expected text on it.)

(Maybe next time I’ll get into the vi/emacs holy wars….)

   Send article as PDF   

Similar Posts