VULHUB ™

xdvizilla is a script that integrates DVI file viewing in Mozilla-based browsers. It is implemented with Debian tetex-bin package. xdvizilla is reported prone to an insecure temporary file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. tetex-bin 2.0.2 is reported prone to this issue. It is likely that other versions are affected as well.

xdvizilla is a script that integrates DVI file viewing in Mozilla-based browsers. It is implemented with Debian tetex-bin package. xdvizilla is reported prone to an insecure temporary file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. tetex-bin 2.0.2 is reported prone to this issue. It is likely that other versions are affected as well.