[Portland-bugs] [Bug 66670] xdg-open: command injection vulnerability
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Nov 15 11:06:37 PST 2014
https://bugs.freedesktop.org/show_bug.cgi?id=66670
--- Comment #4 from Rex Dieter <rdieter at math.unl.edu> ---
I'm starting to wonder if this is specific to xdg-utils at all.
Skipping xdg-open and running browsers directly:
/usr/bin/google-chrome-stable "http://127.0.0.1/$(xterm)"
/usr/bin/firefox "http://127.0.0.1/$(xterm)"
etc...
does exactly the same thing.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/portland-bugs/attachments/20141115/90cd16f2/attachment.html>
More information about the Portland-bugs
mailing list