Message-ID: <Pine.GSO.4.51.0901071356180.15738@faron.mitre.org>
Date: Wed, 7 Jan 2009 13:56:50 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security <oss-security@...ts.openwall.com>
cc: Manuel.Reimer@....de, coley@...re.org
Subject: Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)

======================================================
Name: CVE-2009-0068
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068
Reference: MISC:https://bugs.freedesktop.org/show_bug.cgi?id=19377
Reference: MLIST:[oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/06/1

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
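
The mismatch this entry describes can be caught on the receiving side by comparing the type the sender declared with what the content looks like before a generic opener is invoked. The sketch below is an added example, not part of the original post and not code from xdg-open or Firefox; the signature table, the policy list and all function names are assumptions made for illustration.

```python
import pathlib
import tempfile

# Assumption: a tiny signature table standing in for content-based type
# detection; a real opener consults the shared MIME database instead.
MAGIC = [
    (b"#!", "application/x-shellscript"),
    (b"%PDF-", "application/pdf"),
    (b"\x7fELF", "application/x-executable"),
]
# Assumed policy: types whose default handler runs the file, not displays it.
EXECUTING_TYPES = {"application/x-desktop", "application/x-shellscript",
                   "application/x-executable"}

def sniff_type(path):
    """Guess a MIME type from content only; None when nothing matches."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    for magic, mime in MAGIC:
        if head.startswith(magic):
            return mime
    # Desktop entries may start with blank lines or '#' comments.
    for line in head.splitlines():
        line = line.strip()
        if line and not line.startswith(b"#"):
            return "application/x-desktop" if line == b"[Desktop Entry]" else None
    return None

def dispatch_decision(path, declared_type):
    """Return ('open'|'refuse', reason) for a file handed over as declared_type."""
    sniffed = sniff_type(path)
    if sniffed in EXECUTING_TYPES or (sniffed is not None and sniffed != declared_type):
        return "refuse", f"declared {declared_type}, content is {sniffed}"
    return "open", f"use the handler for {declared_type}; do not re-detect"

def demo():
    """Apply the check to constructed sample files; returns name -> verdict."""
    samples = {  # constructed inputs: (bytes on disk, type the sender declared)
        "report.pdf": (b"# note\n[Desktop Entry]\nType=Application\n", "application/pdf"),
        "real.pdf": (b"%PDF-1.4\n", "application/pdf"),
        "notes.txt": (b"hello\n", "text/plain"),
    }
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (data, declared) in samples.items():
            path = pathlib.Path(tmp, name)
            path.write_bytes(data)
            verdicts[name] = dispatch_decision(path, declared)[0]
    return verdicts
```

Calling `demo()` returns a verdict per sample file; the file declared as a PDF whose content is a desktop entry is the one refused.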