Bug#830143: mupdf's libjs can talk to the terminal and interact

On Wed, Jul 6, 2016, at 10:28 PM, Ian Jackson wrote: > Kan-Ru Chen writes ("Re: Bug#830143: mupdf's libjs can talk to the > terminal and interact"): > > Thanks for the report. Why did you think this is Severity: serious and > > Tags: security? Is the js con

Bug#830143: mupdf's libjs can talk to the terminal and interact

Kan-Ru Chen writes ("Re: Bug#830143: mupdf's libjs can talk to the terminal and interact"): > Thanks for the report. Why did you think this is Severity: serious and > Tags: security? Is the js console vulnerable to arbitrary code > execution? My initial report describes

Bug#830143: mupdf's libjs can talk to the terminal and interact

Thanks for the report. Why did you think this is Severity: serious and Tags: security? Is the js console vulnerable to arbitrary code execution? Kanru

Bug#830143: mupdf's libjs can talk to the terminal and interact

Package: mupdf Version: 1.5-1+b2 Severity: serious Tags: security To reproduce, mupdf breakout.pdf left click in the window Depending where you click, you will see: > [] printed on the terminal, and/or libjs: ReferenceError: global is not defined mupdf will then apparently wait for termi