Posted by joernchen on Nov 14

Hi,

I just ran into some RCE issue with xdg-open today and figured it’s known
and unfixed since 2013-06-10 [0] (respectively 2013-07-07 upstream [1])

As apparently noone cares about this I just leave a silly PoC [3]
(should work with Chromium on Arch/Gentoo Linux) here. Additional
requirement is a Window Manager which is _NOT_ one of the following:

* KDE
* GNOME
* MATE
* XFCE
* ENLIGHTENMENT

Cheers,

joernchen

[0]…