uzbl: arbitrary command execution [LWN.net]

Package(s):

uzbl

CVE #(s):

CVE-2010-2809

Created:

August 23, 2010

Updated:

August 25, 2010

Description:

From the CVE entry:

The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.

Alerts:

Gentoo	201412-08	insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer	2014-12-11
Fedora	FEDORA-2010-12276	uzbl	2010-08-07
Fedora	FEDORA-2010-12260	uzbl	2010-08-07