Hi Ubuntu Security Team,

I have conducted further analysis on this UAF and discovered that it can be used for information disclosure, not just a crash. I have attached a detailed report demonstrating three attack vectors, including a stable information leak via the sidebar (Route A). This fundamentally changes the security impact.

Please review the attached report and reconsider the CVE assignment. I have provided a full proof-of-concept and analysis.

Thanks,
zhangweichao

** Attachment added: "attachment.zip"
   https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/2156984/+attachment/5979723/+files/attachment.zip

--
https://bugs.launchpad.net/bugs/2156984

Title:
  UAF in Nautilus Unity quicklist bookmark handler
