5 matches found
CVE-2020-27748
CVE-2020-27748 affects xdg-utils’ xdg-email in 1.1.0-rc1 and newer. Handling mailto: URIs, xdg-email can discreetly attach a file to an email sent to Thunderbird, via code in xdg-email (not Thunderbird). This can lead to exposure of sensitive data if a user unknowingly sends the email with the at...
CVE-2022-4055
CVE-2022-4055 affects xdg-utils (xdg-mail) when configured to use Thunderbird for mailto URLs; improper parsing can pass extra headers to Thunderbird that should not be included per RFC 2368, enabling a mailto URL that appears safe but attaches files when clicked. The related Nessus advisories (e...
CVE-2017-18266
CVE-2017-18266 applies to xdg-utils (xdg-open) where open_envvar does not validate strings before launching the program specified by BROWSER. The issue affects versions before 1.1.3 and can enable argument-injection via a crafted URL in the BROWSER value. Multiple connected advisories confirm ups...
CVE-2015-1877
CVE-2015-1877 relates to the open_generic_xdg_mime function in xdg-open (xdg-utils 1.1.0 rc1) on Debian with dash. The root cause is improper handling of local variables, which enables remote attackers to execute arbitrary commands via a crafted file. Documented impact is command execution with h...
CVE-2009-0068
CVE-2009-0068 affects the xdg-open component of xdg-utils. The flaw arises from an interaction error where a file sent with a dangerous MIME type but wrapped as a safe type is processed via automatic type detection, enabling remote attackers to execute arbitrary code (demonstrated by overwriting ...