FreeBSD : URI handler vulnerabilities in several browsers (df333ede-a8ce-11d8-9c6d-0020ed76ef5a)
High Nessus Plugin ID 37850
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Karol Wiesek and Greg MacManus reported via iDEFENSE that the Opera web browser contains a flaw in the handling of certain URIs. When presented with these URIs, Opera would invoke external commands to process them after some validation. However, if the hostname component of a URI begins with a `-', it may be treated as an option by an external command. This could have undesirable side-effects, from denial-of-service to code execution. The impact is very dependent on local configuration.
After the iDEFENSE advisory was published, the KDE team discovered similar problems in KDE's URI handlers.
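The hostname-as-option problem described above, shown next to a stricter handler, as an added example that is not taken from the advisory or from Opera's or KDE's code. The helper path, the scheme name and the helper's support for `--` as an end-of-options marker are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical helper binary and URI scheme (assumptions, not from the advisory).
HELPER = "/usr/local/bin/example-helper"
SCHEME = "example"

# A DNS label: alphanumeric at both ends, hyphens allowed only in the middle.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def naive_argv(uri):
    """Pattern the advisory describes: the host is passed through unchecked,
    so a host starting with '-' lands in argv where an option would."""
    host = uri.split("://", 1)[1].split("/", 1)[0]
    return [HELPER, host]


def safe_argv(uri):
    """Build the helper's argv list, or raise ValueError for a suspect URI."""
    parts = urlsplit(uri)
    if parts.scheme != SCHEME:
        raise ValueError("unexpected scheme")
    host = parts.hostname or ""
    if len(host) > 253:
        raise ValueError("hostname too long")
    # Reject empty hosts and any label that starts or ends with '-'.
    for label in host.split("."):
        if not LABEL.match(label):
            raise ValueError("invalid hostname label: %r" % label)
    # Defence in depth: '--' ends option parsing in getopt-style helpers
    # (assumed here). The list form is meant for an exec-style call with
    # no shell in between.
    return [HELPER, "--", host]


if __name__ == "__main__":
    # Constructed sample inputs.
    for uri in ("example://host.example.org/", "example://-ofoo/"):
        print("naive:", naive_argv(uri))
        try:
            print("safe: ", safe_argv(uri))
        except ValueError as exc:
            print("safe:  rejected,", exc)
```

The hostname check does the real work here; the `--` separator only helps with helpers that honour it.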
Solution
Update the affected packages.