On 2018-12-11 22:15, Moritz Mühlenhoff wrote:
On Tue, Dec 11, 2018 at 04:42:17PM +0000, Mike Gabriel wrote:From my understanding the potential remote code executions that are mentioned in the CVE descriptions are triggered by a malign server and the code executions then happen on the client side.Thanks for background. Security issues only triggerable by a malicious RDP server are low impact, a malicious RDP server can mess with you in so many ways that client-side execution doesn't make a big difference.
That rhetoric is dangerous and false.What's next, vulnerabilities in Apache or Nginx that can trigger client-side vulnerabilities in Firefox are irrelevant, because …?
-- Cheers, Jan