From $URL: Simon Lipp brought to our attention a nasty security bug. Apparently there are ways for javascripts from a website to reach our 'Uzbl' object an use its "run" function, by using DOM method overriding, stack inspection and maybe more. [...] But basically, if site admins modify their JS they can use the 'Uzbl.run' feature to execute uzbl commands (such as shell commands). Reproducer: http://users.edpnet.be/dieter/exploit.html
I fixed this last night, the only version available in portage now is uzbl-2010.01.05 which has the fix :)
(In reply to comment #1) > I fixed this last night, the only version available in portage now is > uzbl-2010.01.05 which has the fix :) > Please file a bug next time you bump something that contains security fixes. ~arch only → noglsa
CVE-2010-0011 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0011): The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
