CVE-2010-0011

EUVD-2010-0043
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
uzbluzbl
𝑥
≤ 2009.12.22
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
uzbl
dapper
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
not-affected
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
Common Weakness Enumeration
References
http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047
http://github.com/Dieterbe/uzbl/downloads
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000586.html
http://www.openwall.com/lists/oss-security/2010/01/06/1
http://www.openwall.com/lists/oss-security/2010/01/06/3
http://www.uzbl.org/news.php?id=22
https://exchange.xforce.ibmcloud.com/vulnerabilities/56612
http://github.com/Dieterbe/uzbl/commit/1958b52d41cba96956dc1995660de49525ed1047
http://github.com/Dieterbe/uzbl/downloads
http://lists.uzbl.org/pipermail/uzbl-dev-uzbl.org/2010-January/000586.html
http://www.openwall.com/lists/oss-security/2010/01/06/1
http://www.openwall.com/lists/oss-security/2010/01/06/3
http://www.uzbl.org/news.php?id=22
https://exchange.xforce.ibmcloud.com/vulnerabilities/56612