"One bug to rule them all" vulnerability in KJS?
Michael Pyne
mpyne at kde.org
Fri Jul 17 05:21:03 BST 2009
There is a flaw provocatively labeled "One bug to rule them all" at this
link: http://www.g-sec.lu/one-bug-to-rule-them-all.html
The author claims to have contacted KDE regarding Konqueror and received
no response. The bug itself is an unconstrained memory allocation using
the select() JavaScript function (or something like that). I have not
tested the vulnerability since I have to be up in about 6 hours to
check out of this hotel and hit the road again. :-/
This is sent from my webmail and I haven't had time to check the mailing
lists; I apologize if this is a dupe. If not, we may want to investigate
this since it's now publicly disclosed.
Regards,
- Michael Pyne
More information about the kde-core-devel mailing list