513926 – Get New Fonts sent me to a suspicious website

Bug 513926 - Get New Fonts sent me to a suspicious website

Summary: Get New Fonts sent me to a suspicious website

Status:	REPORTED

Alias:	None

Product:	frameworks-knewstuff
Classification:	Frameworks and Libraries
Component:	general (other bugs)
Version First Reported In:	6.21.0
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Dan Leinir Turthra Jensen

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-12-28 20:14 UTC by colin.r.norris+kde
Modified:	2025-12-28 20:14 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description colin.r.norris+kde 2025-12-28 20:14:44 UTC

SUMMARY
I opened "Get New Fonts" from System Settings and tried to install the "MS True Type core fonts by SeanParsons" package but it sent me to a suspicious looking website (https://www.filecroco.c*o*m/file-sharing/ - I added wildcards to avoid linking to it here). I think it redirected there from a now-defunct URL (https://thelinuxbox.o*r*g/?page_id=3). I realize that this is "user-created content" and not directly a part of the KDE project, but I think if there's risk of sending users to random websites it would be better to deprecate this whole "Get New Fonts" feature and let people rely on their distro's package manager for fonts.

STEPS TO REPRODUCE
1. Open "Get New Fonts"
2. Try to install either of the "6,760 Fonts" or "MS True Type core fonts" packages
3. Get an error asking you to to visit a website instead
4. Click the link, browser opens
5. Original URL silently redirects to a suspicious website

OBSERVED RESULT
User ends up at a suspicious website.

EXPECTED RESULT
Fonts install.

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 43
KDE Plasma Version: 6.5.4
KDE Frameworks Version: 6.21.0
Qt Version: 6.10.1

ADDITIONAL INFORMATION