Baloo, KDE's indexing engine is apparently hit by the same vulnerability that hits Tracker (except they didn't fix it, according to the article). Also, are you sure Firefox and none of the KDE applications are using gstreamer for the backend (e.g. for HTML5 videos)?
I dislike this idea that the Linux desktop is all Gnome and systemd, too, but the situation is pretty disastrous. Things that have an X in them, from X11 to (especially...) XDG shouldn't be trusted too much...
I dislike this idea that the Linux desktop is all Gnome and systemd, too, but the situation is pretty disastrous. Things that have an X in them, from X11 to (especially...) XDG shouldn't be trusted too much...