The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | all | uzbl | < 0.0.0~git.20120514-1.2 | uzbl_0.0.0~git.20120514-1.2_all.deb |