CVE-2010-2809

The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:uzbl:uzbl:*:*:*:*:*:*:*:*
cpe:2.3:a:uzbl:uzbl:2009.12.22:*:*:*:*:*:*:*
cpe:2.3:a:uzbl:uzbl:2010.01.04:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-08-19 22:00

Updated : 2024-02-04 17:54


NVD link : CVE-2010-2809

Mitre link : CVE-2010-2809

CVE.ORG link : CVE-2010-2809


JSON object : View

Products Affected

uzbl

  • uzbl
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')