Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entry (emacsclient-mail.desktop) leading to arbitrary code execution through a crafted mailto:
URI.
Read more…
An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME types handling and file managers.
Read more…
A dangerous file type association in Debian which could be used to trigger arbitrary code execution.
Read more…
I found an argument injection vulnerability related to the handling of the BROWSER
environment variable in sensible-browser
. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in BROWSER
processing and browser invocation in general.
Read more…
Page 1 of 1 | Previous page | Next page | JSON Feed | Atom Feed