Interaction error in xdg-open allows remote malicious users to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freedesktop xdg-utils 1.0 |