[Portland-bugs] [Bug 103807] Argument injection in xdg-open open_envvar
bugzilla-daemon at freedesktop.org
Mon May 14 09:19:29 UTC 2018
https://bugs.freedesktop.org/show_bug.cgi?id=103807
--- Comment #13 from Gabriel Corona <gabriel.corona at enst-bretagne.fr> ---
By the way, this vulnerability is not about arbitrary shell command injection.
We can only inject extra arguments in the browser exec() by injecting IFS
characters.
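The distinction drawn in comment #13, shown as an added example that is not part of the original message and is not xdg-open's code: an unquoted shell expansion is word-split on IFS characters, so one value can become several arguments, but the result is never re-parsed as shell syntax. The function names, URLs and marker file name are hypothetical, constructed for this illustration.

```shell
#!/bin/sh
# Added illustration; hypothetical helper names, not code from xdg-open.

# Stands in for the exec'd program: reports how many argv entries it received.
count_args() {
    echo "$#"
}

# Unquoted expansion: the shell splits the value on IFS (space, tab, newline),
# so a single string can turn into several arguments.
launch_unquoted() {
    # shellcheck disable=SC2086
    count_args $1
}

# Quoted expansion: the value is always passed as exactly one argument.
launch_quoted() {
    count_args "$1"
}

# Marker file that must never appear: shell metacharacters produced by an
# expansion are literal text, not commands.
MARKER="argsplit_demo_marker.$$"

# Constructed sample inputs.
URL_PLAIN='http://example.test/page'
URL_SPACE='http://example.test/page --extra-flag'
URL_TAB=$(printf 'http://example.test/page\t--extra-flag')
URL_META="http://example.test/page;touch $MARKER"

for url in "$URL_PLAIN" "$URL_SPACE" "$URL_TAB" "$URL_META"; do
    printf 'unquoted=%s quoted=%s  %s\n' \
        "$(launch_unquoted "$url")" "$(launch_quoted "$url")" "$url"
done

# The ';touch' text was passed along as data, so no file was created.
if [ -e "$MARKER" ]; then
    echo "marker created: command injection"
else
    echo "marker absent: arguments only"
fi
```

Quoting every expansion that reaches the exec'd program keeps the argument count fixed regardless of the input.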