CVE-2010-0011

NameCVE-2010-0011
DescriptionThe eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
uzbl (PTS)jessie0.0.0~git.20120514-1.1fixed
stretch0.0.0~git.20120514-1.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
uzblsource(unstable)0.0.0~git.20100105-1medium

Notes

http://www.uzbl.org/news.php?id=22
maintainer is aware of it

Search for package or bug name: Reporting problems