Insomnia Security Advisories: Pidgin IM Insecure URL Handling Vulnerability
mark at kingant.net
Thu Aug 18 04:30:05 EDT 2011
On Sun, Aug 7, 2011 at 11:01 PM, Mark Doliner <mark at kingant.net> wrote:
> One other question. Should we be concerned about this issue on Linux,
> too? For something like a file:// URI to a file on an NFS or AFS
> share? Maybe a file on an auto-mounted NFS or SMB share...?
To answer my own question... there are a few ways we open file:///
URLs on Linux:
* gnome-open file://blah - Tries to open a file browser at the given location
* kfmclient openURL file://blah - I didn't test, but it seems like
  it'll try to open a browser at the given location
* purple_notify_uri(NULL, file://blah) - Uses whatever browser you've
  configured in Pidgin. I suppose this could be something that executes
  the file... but that seems unlikely.
I don't know, it doesn't seem worth worrying about to me.