https://bugs.kde.org/show_bug.cgi?id=379294
--- Comment #3 from Martin Sandsmark <martin.sandsm...@kde.org> --- it won't directly lead to code execution, but can be used for phishing, or it can be used in a chain of other "not quite direct security holes" (e. g. an application that runs commands it receives as arguments getting launched by xdg-open). a concrete example; user receives malicious mail in mutt with a link to phishing.com disguised as a link to mybank.com. I'd say wontfix, but not up to me. -- You are receiving this mail because: You are watching all bug changes.
