oss-sec mailing list archives

CVE request: konqueror not providing any protection against clickjacking


From: Hanno Böck <hanno () hboeck de>
Date: Tue, 4 Mar 2014 10:03:01 +0100

Hi,

It may be debatable if that's a CVE issue, because it's basically a
"there's a general vulnerability in the way HTML/JS is done, there's a
protection mechanism and product X doesn't have it". I think it
deserves one and as recently Konqueror issues popped up here I thought
it might deserve a CVE:
https://bugs.kde.org/show_bug.cgi?id=259070

Basically, pretty much all mainstream browsers support the
X-Frame-Options header to allow web developers to secure their apps
from clickjacking attacks. Konqueror doesn't support it.

Please assign CVE.

(and if curious: I've set up a test for X-FRAME-OPTIONS header
functionality a while ago http://int21.de/frametest/ )

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
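
The decision an X-Frame-Options-aware browser makes before rendering a framed response, as an added example that is not part of the original message and not code from any browser. Function names, parameters and the example.* URLs are constructed for illustration, and it is an assumption of this sketch that SAMEORIGIN is checked against every ancestor and that unrecognised values are ignored.

```javascript
// Added example: models the X-Frame-Options check a supporting browser applies.
// All names here are hypothetical; URLs are constructed sample values.
function originOf(url) {
  return new URL(url).origin; // scheme + host + port
}

// headerValue:  raw X-Frame-Options value, or null when the header is absent.
// framedUrl:    URL of the document being loaded inside the frame.
// ancestorUrls: URLs of every enclosing browsing context, parent first.
// Returns true when the framed document may be rendered.
function frameAllowed(headerValue, framedUrl, ancestorUrls) {
  if (headerValue === null || ancestorUrls.length === 0) {
    return true; // no policy sent, or the document is not framed at all
  }
  const policy = headerValue.trim().toUpperCase(); // value is case-insensitive
  if (policy === "DENY") {
    return false; // never render inside any frame
  }
  if (policy === "SAMEORIGIN") {
    const own = originOf(framedUrl);
    // Assumption: every ancestor must match, so a same-origin parent nested
    // inside a cross-origin page is still refused.
    return ancestorUrls.every((u) => originOf(u) === own);
  }
  // Assumption: unrecognised values (ALLOW-FROM included) are ignored.
  return true;
}

// A browser without support behaves as if the header were never sent.
function frameAllowedWithoutSupport(_headerValue, _framedUrl, _ancestorUrls) {
  return true;
}
```

A site that sends DENY or SAMEORIGIN is protected only in browsers that run a check like `frameAllowed`; in a browser that behaves like `frameAllowedWithoutSupport`, the header has no effect and the page can be framed by any origin.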
