oss-sec mailing list archives
Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)
From: "Bernhard R. Link" <brlink () debian org>
Date: Wed, 7 Jan 2009 09:32:06 +0100
* Josh Bressers <bressers () redhat com> [090106 20:47]:
Here's a heads up for everyone (I've CCd the discoverer) ----- Forwarded Message -----
[...]
This page delivers a .desktop file with the mime-type "application/pdf". In default configuration, Firefox offers to open this file with the default application, which is xdg-open. Just one click on "OK" (and most users won't have a closer look at the dialog!) and the content in the .desktop file is immediately executed!
I guess that is what people get for reinventing "see", they get the exact same security problems other browser/"generic viewer" combinations had years ago.... And xdg-open had not even a way to specify the mime-type... </rant> Bernhard R. Link
Current thread:
- Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Josh Bressers (Jan 06)
- Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Bernhard R. Link (Jan 07)
- Re: Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included) Steven M. Christey (Jan 07)