source: uzbl 'uzbl-core' is prone to a vulnerability that lets attackers inject arbitrary commands because the application fails to adequately sanitize user-supplied input. This issue stems from an insecure default configuration setting. To exploit this issue, attackers must entice an unsuspecting user to click on a specially crafted URI with their middle mouse button. Exploiting this issue would permit remote attackers to inject and execute commands with the privileges of a user running the application. Test

click me with middle button
this will open a zenity dialog with your passwd file. I shouldn't be able to do this.