Users of the popular KDE environment for Linux will be unhappy to hear that Linux vendors are warning of a serious security flaw affecting the software. This bug is the most serious to hit KDE for almost a year, and relates to kjs, a JavaScript interpreter used by the Konqueror Web browser and other parts of KDE. An incorrect bounds check in the interpreter appears to allow a heap-based buffer overflow when decoding maliciously crafted URI sequences encoded with UTF-8. An attacker could use this to crash programs that use kjs, such as Konqueror. Exploits that execute malicious code are also possible.

Security vendor Secunia, which maintains a vulnerabilities database, said the flaw was "highly critical".