FS#42775 : [kwebkitpart] insufficient input validation security fix

FS#42775 - [kwebkitpart] insufficient input validation security fix

Attached to Project: Arch Linux
Opened by Andrea Scarpino (BaSh) - Thursday, 13 November 2014, 16:00 GMT
Last edited by Andrea Scarpino (BaSh) - Friday, 14 November 2014, 13:07 GMT

Task Type	Bug Report
Category	Upstream Bugs
Status	Closed
Assigned To	Andrea Scarpino (BaSh)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname. For example going to bookmarks://hhdhdhhdhdhdh.google.com/'><script>alert('bookmarks'+document.domain);</script> in Konqueror makes a Javascript alert popup.

See also https://www.kde.org/info/security/advisory-20141113-1.txt

This task depends upon

Closed by Andrea Scarpino (BaSh)
Friday, 14 November 2014, 13:07 GMT
Reason for closing: Fixed
Additional comments about closing: kwebkitpart 1.3.4-3

	Tasks related to this task (0)

Duplicate tasks of this task (1)
~~FS#44170 - [kwebkitpart][CVE-2014-8600] Multiple XSS Vulnerabilities in ver~~

Arch Linux

FS#42775 - [kwebkitpart] insufficient input validation security fix

Details

Loading...