W3M SSL Certificate Format String Vulnerability

info
discussion
exploit
solution
references

W3M SSL Certificate Format String Vulnerability

W3M is prone to a format-string vulnerability. This issue can occur when the browser processes SSL certificates that include format specifiers.

A successful exploit could result in the execution of arbitrary code in the context of the user running the browser.

The vulnerability was reported to affect version 0.5.1; prior versions could also be affected.