CVE-2010-0011
uzbl < 2009.12.22 - Remote Code Execution via JavaScript run Method
Title source: llmDescription
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
References (7)
Core 7
Core References
Patch x_refsource_confirm
http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047
Various Sources mailing-list
x_refsource_mlist
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000586.html
Patch x_refsource_confirm
http://github.com/Dieterbe/uzbl/downloads
Various Sources x_refsource_confirm
http://www.uzbl.org/news.php?id=22
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56612
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/01/06/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/01/06/3
Scores
EPSS
0.0214
EPSS Percentile
79.7%
Details
CWE
CWE-264
Status
published
Products (1)
uzbl/uzbl
< 2009.12.22
Published
Feb 25, 2010
Tracked Since
Feb 18, 2026