oss-sec mailing list archives

Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 7 Jan 2009 13:56:50 -0500 (EST)


======================================================
Name: CVE-2009-0068
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0068
Reference: MISC:https://bugs.freedesktop.org/show_bug.cgi?id=19377
Reference: MLIST:[oss-security] 20090106 Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox 
(Demonstration/Exploit included)
Reference: URL:http://www.openwall.com/lists/oss-security/2009/01/06/1

Interaction error in xdg-open allows remote attackers to execute
arbitrary code by sending a file with a dangerous MIME type but using
a safe type that Firefox sends to xdg-open, which causes xdg-open to
process the dangerous file type through automatic type detection, as
demonstrated by overwriting the .desktop file.

Current thread:

Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Josh Bressers (Jan 06)
- Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Bernhard R. Link (Jan 07)
- Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Steven M. Christey (Jan 07)