Interaction Error in xdg-open Affects Firefox and Freedesktop
CVE-2009-0068

Currently unrated

Key Information:

Vendor: Freedesktop
Status: Xdg-utils
Vendor: CVE Published:; 7 January 2009

🔔 Create Freedesktop Vulnerability Alert

What is CVE-2009-0068?

The xdg-open utility encounters a critical interaction error when processing files with MIME types. Attackers can exploit this flaw by sending specially crafted files that are labeled with safe MIME types. This manipulation tricks xdg-open into executing potentially harmful files based on incorrect automatic type detection. As demonstrated, this could lead to the unwanted modification of files, such as overwriting .desktop files, granting attackers a foothold in the targeted systems.

References

http://www.securityfocus.com/bid/33137

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2009/01/06/1

mailing-listx_refsource_MLIST

https://bugs.freedesktop.org/show_bug.cgi?id=19377

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2009
Vulnerability Reserved
Jan 7, 2009