A security issue has been reported in xdg-utils, which can be exploited by malicious people to compromise a user's system.
The problem occurs when xdg-open is used in a mailcap file to open files with the user's preferred applications. This can be exploited to execute arbitrary commands on a user's system, e.g. when a specially crafted .desktop file with a safe MIME type is sent to Firefox.
Successful exploitation requires that the system is configured to open certain MIME types with xdg-open, e.g. via a mailcap file.
NOTE: This may also be exploitable via other applications that use a mailcap file to open files.
Solution: Do not invoke xdg-open via a mailcap file.
Provided and/or discovered by: Manuel Reimer
Original Advisory: https://bugs.freedesktop.org/show_bug.cgi?id=19377
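To check a system against the solution above, the following added example (not part of the original advisory or of xdg-utils) parses mailcap content and lists the MIME types whose entries invoke xdg-open. The sample entries are constructed, and checking the `compose`, `edit` and `print` fields in addition to the view command is an assumption that goes beyond the case the advisory describes.

```python
import os
import re

# Constructed sample mailcap content for illustration (not from the advisory).
SAMPLE_MAILCAP = r"""# constructed sample
text/html; firefox %s; test=test -n "$DISPLAY"
application/pdf; xdg-open %s
image/*; /usr/bin/xdg-open \
    '%s'; description=Any image
text/plain; less %s; needsterminal
# application/zip; xdg-open %s
audio/*; mpv %s; description=not-xdg-open-here
"""

# xdg-open as a command word, bare or with a path, not part of a longer name.
XDG_OPEN = re.compile(r"(?<![\w.-])(?:[\w./-]*/)?xdg-open(?![\w.-])")
COMMAND_FIELDS = ("compose", "edit", "print")  # other fields that hold commands

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    buf = ""
    for raw in text.splitlines():
        if not buf and raw.lstrip().startswith("#"):
            continue
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        line = (buf + raw).strip()
        buf = ""
        if line:
            yield line

def find_xdg_open_entries(text):
    """Return (mime_type, view_command) for entries that run xdg-open."""
    findings = []
    for line in logical_lines(text):
        # Fields are separated by ';' unless the semicolon is escaped.
        fields = [f.strip() for f in re.split(r"(?<!\\);", line)]
        if len(fields) < 2:
            continue
        commands = [fields[1]]
        for field in fields[2:]:
            name, _, value = field.partition("=")
            if name.strip() in COMMAND_FIELDS:
                commands.append(value)
        if any(XDG_OPEN.search(c) for c in commands):
            findings.append((fields[0], fields[1]))
    return findings

if __name__ == "__main__":
    for path in (os.path.expanduser("~/.mailcap"), "/etc/mailcap"):
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                for mime, cmd in find_xdg_open_entries(fh.read()):
                    print(f"{path}: {mime} -> {cmd}")
```

Any entry it reports should be changed to name a specific viewer instead of xdg-open.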