Allow arbitrary URLs, expect arbitrary code execution: RCEs due to insecure use of Qt's QDesktopServices::openUrl()

positive.security/blog/url-ope

RT @d_feldman
Ok this is slightly insane. OpenType (the common font format) actually supports simple scripts inside the font for complex characters and such. So a guy WROTE AN ENTIRE GAME INSIDE A FONT called Fontemon that you play by typing letters on the keyboard. coderelay.io/fontemon.html#pla

Explanations: Play, don't show
Interactive explorations of the X Window System and more.

magcius.github.io/xplain/artic
