Debian Linux Security Advisory 3165-1 - Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.
298e5a07e6894c3e9f9deb239f8a732c5b944f9972048325d4aaa29b057cc979