SUSE CVE-2017-18266

The openenvvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment...

PT-2020-16799 · Mozilla +4 · Thunderbird +4

Name of the Vulnerable Software and Affected Versions: xdg-utils versions 1.1.0-rc1 and newer Description: A flaw was found in the xdg-email component. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could...