FreeBSD : kwebkitpart, kde-runtime -- insufficient input validation (890b6b22-70fa-11e4-91ae-5453ed2e2b49)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Albert Astals Cid reports :

kwebkitpart and the bookmarks:// io slave were not sanitizing input
correctly, allowing some JavaScript to be executed in the context of
the referenced hostname.

Whilst in most cases, the JavaScript will be executed in an untrusted
context, with the bookmarks IO slave, it will be executed in the
context of the referenced hostname. It should however be noted that
KDE mitigates this risk by attempting to ensure that such URLs cannot
be embedded directly into Internet hosted content.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 79365

CVE ID: CVE-2014-8600
