FS#42775 - [kwebkitpart] insufficient input validation security fix
Attached to Project:
Arch Linux
Opened by Andrea Scarpino (BaSh) - Thursday, 13 November 2014, 16:00 GMT
Last edited by Andrea Scarpino (BaSh) - Friday, 14 November 2014, 13:07 GMT
Opened by Andrea Scarpino (BaSh) - Thursday, 13 November 2014, 16:00 GMT
Last edited by Andrea Scarpino (BaSh) - Friday, 14 November 2014, 13:07 GMT
|
Details
Description:
kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname. For example going to bookmarks://hhdhdhhdhdhdh.google.com/'><script>alert('bookmarks'+document.domain);</script> in Konqueror makes a Javascript alert popup. See also https://www.kde.org/info/security/advisory-20141113-1.txt |
This task depends upon
Closed by Andrea Scarpino (BaSh)
Friday, 14 November 2014, 13:07 GMT
Reason for closing: Fixed
Additional comments about closing: kwebkitpart 1.3.4-3
Friday, 14 November 2014, 13:07 GMT
Reason for closing: Fixed
Additional comments about closing: kwebkitpart 1.3.4-3