Privilege Escalation via x-scheme-handler/http MIME Type in GNOME Display Manager (gdm)

Privilege Escalation via x-scheme-handler/http MIME Type in GNOME Display Manager (gdm)

CVE-2011-1709 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

Learn more about our Web App Pen Testing.