ID:

CVE-2010-0011 (NVD)

- Vulnerability Info (edit)
2010-02-25

The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.

Products Uzbl
Type Permissions, Privileges, and Access Controls (CWE-264)
First patch http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047
Patches http://github.com/Dieterbe/uzbl/downloads
Relevant file/s • ./README (modified, +1, -20)
• ./tests/test-command.c (modified, -5)
• ./uzbl-core.c (modified, -10)
Links https://exchange.xforce.ibmcloud.com/vulnerabilities/56612
http://www.openwall.com/lists/oss-security/2010/01/06/3
http://www.openwall.com/lists/oss-security/2010/01/06/1
http://www.uzbl.org/news.php?id=22
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000586.html
Annotation

Note:

This entry has not been annotated yet.

Please consider adding data:

uzbl - Tree: 1958b52d41

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)


Patched area: