On Fri, Sep 23, 2005 at 03:49:12PM +0200, Florian Weimer wrote:
> * Florian Weimer:
>
> > * Alexander Sack:
> >
> >> Attached a start script that should fix this issue ...
> >
> >> echo moreargs $moreargs
> >
> > This seems to be some debugging cruft. Have you sent the correct
> > version?
>
> Uhm, it's still exploitable anway. This time, the command is:
>
> mozilla-thunderbird --compose 'mailto:'\''`df`'\'
>
Bad ... so this is the wrong approach.
You have an idea on how to fix the original script in a minimal way?
- Alexander
p.s. please take care that the bug is listed as To: or CC: when
replying to this mail (e.g. /reply-all/).
--
GPG messages preferred. | .''`. ** Debian GNU/Linux **
Alexander Sack | : :' : The universal
[EMAIL PROTECTED] | `. `' Operating System
http://www.asoftsite.org | `- http://www.debian.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
