CVE-2014-8600

Publication date 20 November 2014

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.

Status

Package Ubuntu Release Status
kde-runtime 14.10 utopic
Fixed 4:4.14.1-0ubuntu1.1
14.04 LTS trusty
Fixed 4:4.13.3-0ubuntu0.2
12.04 LTS precise
Fixed 4:4.8.5-0ubuntu0.3
10.04 LTS lucid Not in release
kio-extras 14.10 utopic Not in release
14.04 LTS trusty Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
webkitkde 14.10 utopic
Fixed 1.3.4-1ubuntu0.1
14.04 LTS trusty
Fixed 1.3~git20120518.9a111005-3ubuntu1
12.04 LTS precise
Fixed 1.1.0git80efcf77-1ubuntu1
10.04 LTS lucid Ignored end of life

References

Related Ubuntu Security Notices (USN)

    • USN-2414-1
    • KDE-Runtime vulnerability
    • 24 November 2014

Other references