PT-2010-4304 · Uzbl · Uzbl

Vincent Danen · Published 2010-08-19 · Updated 2017-08-17 · CVE-2010-2809

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Uzbl versions prior to 2010.08.05

Description

The default configuration of the Button2 binding in Uzbl does not properly use the @SELECTED_URI feature. This allows remote attackers to execute arbitrary commands, with user assistance, by crafting the HREF attribute of an A element in an HTML document.

Recommendations

For versions prior to 2010.08.05, update to a version that properly uses the @SELECTED_URI feature to mitigate the risk of arbitrary command execution.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2010-2809

Affected products

Uzbl