The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Uzbl | Uzbl | * | 2009.12.22 |