

CVE-2011-3230 - Launch any file path from web page (Safari/OS X) - morsch
http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html

======
Xuzz
Note this appears to be fixed in the recent Safari 5.1.1 update, according to
Apple's support page here: <http://support.apple.com/kb/HT5000>

------
tambourine_man
Did I get this right? Can you launch rm with arguments for instance? If so,
this is huge.

~~~
deweller
No. You can't launch anything with arguments.

~~~
potatolicious
Then what's the point? :S

Click here to load Widget into WidgetFactory!

Then click on widgets. Then copy and paste this key in.

------
spleeyah
Doesn't seem to reproduce for me...

<http://www.spleeyah.com/a/>

------
cobrabyte
Guess I'll set Safari aside until they address this. Wild implications!

~~~
unfletch
Or until you install today's update. It's fixed in 5.1.1, which is included in
the OS X 10.7.2 software update: <http://support.apple.com/kb/HT5000>

