thr3ads.net - Secure testing team - [Secure-testing-team] Bug#594301: CVE-2010-2809: The default configuration does not properly use the @SELECTED

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Aug-25 07:21 UTC

[Secure-testing-team] Bug#594301: CVE-2010-2809: The default configuration does not properly use the @SELECTED_URI feature

Package: uzbl
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for uzbl.

CVE-2010-2809[0]:
| The default configuration of the &lt;Button2&gt; binding in Uzbl
before
| 2010.08.05 does not properly use the @SELECTED_URI feature, which
| allows user-assisted remote attackers to execute arbitrary commands
| via a crafted HREF attribute of an A element in an HTML document.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2809
    http://security-tracker.debian.org/tracker/CVE-2010-2809

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkx0xHAACgkQNxpp46476aqC0QCgkuktJJZdbPH34bU2eD9I4CRi
ai8An25seVAEQUkJk6iX5SJG21XSPjNP
=SpKj
-----END PGP SIGNATURE-----

Secure testing team - Aug 2010 - Bug#594301: CVE-2010-2809: The default configuration does not properly use the @SELECTED_URI feature

[Secure-testing-team] Bug#594301: CVE-2010-2809: The default configuration does not properly use the @SELECTED_URI feature