oss-sec mailing list archives
CVE request: konqueror not providing any protection against clickjacking
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 4 Mar 2014 10:03:01 +0100
Hi,

It may be debatable if that's a CVE issue, because it's basically a "there's a general vulnerability in the way HTML/JS is done, there's a protection mechanism and product X doesn't have it". I think it deserves one and as recently Konqueror issues popped up here I thought it might deserve a CVE:
https://bugs.kde.org/show_bug.cgi?id=259070

Basically, pretty much all mainstream browsers support the X-Frame-Options header to allow web developers to secure their apps from clickjacking attacks. Konqueror doesn't support it.

Please assign CVE.

(and if curious: I've set up a test for X-FRAME-OPTIONS header functionality a while ago http://int21.de/frametest/ )

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
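An added example, not part of the original post and not code from Konqueror or any other browser: the check a browser that honours X-Frame-Options performs before rendering a framed response. A browser without support behaves as if this function always returned true. The function names, the fail-closed handling of conflicting values, the all-ancestors SAMEORIGIN comparison and the sample origins in the comments are assumptions.

```javascript
// Added example: the framing decision driven by X-Frame-Options.
// Names are hypothetical; this is not any browser's implementation.

// Split header value(s) into lower-cased directives.
function parseXfo(headerValues) {
  return headerValues
    .flatMap((v) => v.split(","))
    .map((v) => v.trim().toLowerCase())
    .filter((v) => v.length > 0);
}

// Return true if the response at `framedUrl` may be rendered in a frame.
// `ancestorOrigins` lists the embedding pages, innermost parent first,
// e.g. ["https://other.example"] (constructed sample origin).
function mayRenderInFrame(headerValues, framedUrl, ancestorOrigins) {
  if (ancestorOrigins.length === 0) return true; // top-level load, not framed
  const directives = new Set(parseXfo(headerValues));
  if (directives.size === 0) return true; // site requested no protection
  // Assumption: conflicting directives fail closed.
  if (directives.size > 1) return false;
  const [directive] = directives;
  const self = new URL(framedUrl).origin;

  if (directive === "deny") return false;
  if (directive === "sameorigin") {
    // Assumption: every ancestor must match, not only the top-level page,
    // so a same-origin frame nested in a foreign page is still refused.
    return ancestorOrigins.every((o) => new URL(o).origin === self);
  }
  if (directive.startsWith("allow-from ")) {
    let allowed;
    try {
      allowed = new URL(directive.slice("allow-from ".length).trim()).origin;
    } catch (e) {
      return false; // unparsable origin: refuse to render
    }
    const top = ancestorOrigins[ancestorOrigins.length - 1];
    return new URL(top).origin === allowed;
  }
  return true; // Assumption: unrecognised values are ignored
}
```
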
Current thread:
- CVE request: konqueror not providing any protection against clickjacking Hanno Böck (Mar 04)
- Re: CVE request: konqueror not providing any protection against clickjacking cve-assign (Mar 06)