uzbl before 2010.08.05 user-assisted execution

2010.08.23
Credit: Alex Legler
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Please assign a CVE for the following issue:

"With shell code in hyperlinks on a page, one of the sample (uzbl-core) resp. default (uzbl-browser) button bindings (binding for mousebutton2) would execute this code. This commit fixes that issue. Note that just upgrading your uzbl is not enough. If you have an existing config, the change will not be automatically applied. So be sure you have this change in your config."

Source: http://www.uzbl.org/news.php?id=29
Upstream bug: http://www.uzbl.org/bugs/index.php?do=details&task_id=240

Thanks,
Alex

--
Alex Legler | Gentoo Security / Ruby
a3li@gentoo.org | a3li@jabber.ccc.de

References:

https://bugzilla.redhat.com/show_bug.cgi?id=621965
https://bugzilla.redhat.com/show_bug.cgi?id=621964
http://xforce.iss.net/xforce/xfdb/61011
http://www.uzbl.org/news.php?id=29
http://www.uzbl.org/bugs/index.php?do=details&task_id=240
http://www.securityfocus.com/bid/42297
http://marc.info/?l=oss-security&m=128111994317381&w=2
http://marc.info/?l=oss-security&m=128111493509265&w=2
http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2
http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975



Copyright 2024, cxsecurity.com

 
