Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Freedesktop Xdg-utils远程代码执行漏洞
Vulnerability Description
Freedesktop Xdg-utils是Xdg组织的一个为桌面系统提供集成功能的软件。 Firefox在调用/etc/mailcap中所定义的xdg-open工具之前没有正确地验证文件的mime-type,这可能导致执行任意代码。 Firefox使用mailcap检测默认的关联应用程序,对于音频或PDF文件等mime类型,Firefox使用xdg-open为默认的应用程序。由于xdg-open本身会检测mime类型(或要求桌面管理器检测),嵌入了伪造mime-type的页面会导致执行恶意程序。
CVSS Information
N/A
Vulnerability Type
N/A