CVE-2014-8600

Name of the Vulnerable Software and Affected Versions KDE-Runtime versions 4.14.3 and earlier kwebkitpart versions 1.3.4 and earlier kio-extras versions 5.1.1 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URI using various schemes, which is not properly handled in an error message. The affected schemes include zip, trash, tar, thumbnail, smtps, smtp, smb, remote, recentdocuments, nntps, nntp, network, mbox, ldaps, ldap, fonts, file, desktop, cgi, bookmarks, or ar.

Recommendations For KDE-Runtime versions 4.14.3 and earlier, consider disabling the handling of crafted URIs using the affected schemes until a patch is available. For kwebkitpart versions 1.3.4 and earlier, restrict access to the vulnerable components to minimize the risk of exploitation. For kio-extras versions 5.1.1 and earlier, avoid using the affected schemes in error messages until the issue is resolved.