It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code.
Continue reading...
Continue reading...