Ubuntu Security Notice 2414-1 - Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript.
a8e4d35135b503e43f7c352287cd61c345c6b291c09a386e9b98a354fd84ea40
It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating IO slave URI such that the JavaScript from the manipulated request is returned in the response.
e347068492c2b02155919e28caab949adb5a3b0bc7cde80b54669e096dfe6353