oss-sec mailing list archives
Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 7 Jan 2009 13:56:50 -0500 (EST)
====================================================== Name: CVE-2009-0068 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068 Reference: MISC:https://bugs.freedesktop.org/show_bug.cgi?id=19377 Reference: MLIST:[oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/06/1 Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
Current thread:
- Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Josh Bressers (Jan 06)
- Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Bernhard R. Link (Jan 07)
- Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Steven M. Christey (Jan 07)