CVE-2010-2809

The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:uzbl:uzbl:2009.12.22:*:*:*:*:*:*:*
cpe:2.3:a:uzbl:uzbl:2010.01.04:*:*:*:*:*:*:*
cpe:2.3:a:uzbl:uzbl:*:*:*:*:*:*:*:*

Information

Published : 2010-08-19 15:00

Updated : 2017-08-16 18:32


NVD link : CVE-2010-2809

Mitre link : CVE-2010-2809


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

uzbl

  • uzbl