Posted by Alfredo Ortega on May 16Title: Signal-desktop HTML tag injection variant 2

Date Published: 2018-05-16

Last Update: 2018-05-16

CVE Name: CVE-2018-11101

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone desktop version of the secure
Signal messenger. This software is vulnerable to remote code execution
from a malicious contact, by sending a specially…

http://seclists.org/bugtraq/2018/May/44