Pro-Linux

Sicherheit: Ausführen beliebiger Kommandos in xdg-utils

again. This makes it rather trivial to present a script (such as a .desktop file) as a document type (like a PDF) so that it looks safe to click on in a browser, but will result in the execution of an ...
Pro-Linux

Sicherheit: Mangelnde Eingabeprüfung in Xdg-utils

the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party could manipulate the parameters used by the browser ...