Full Disclosure mailing list archives
Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
From: Adeodato Simó <asp16 () alu ua es>
Date: Wed, 27 Oct 2004 16:00:07 +0200
* Yanosz [Wed, 27 Oct 2004 15:45:21 +0200]:
Package: Konqueror Version: 3.2.2-1 (sarge) Severity: Important
In contrast to other browsers like firefox, Konqueror allows JavaScript to access other frames in a frameset, loaded with from different (sub)domain. By that enclosed / secret data can be read through a hidden frameset. See http://groenndemon.de/bla for demonstration.
please see http://bugs.debian.org/261740. version 3.2.3-1.sarge.1 (available in testing-proposed-updates) fixed the vulnerability and will be included in sarge. you can use this version by adding this line to your sources.list: deb http://your.mirror.debian.org/debian sarge-proposed-updates main thanks, -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 If there is a sin against life, it consists perhaps not so much in despairing of life as in hoping for another life and in eluding the implacable grandeur of this life. -- Albert Camus _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Yanosz (Oct 27)
- Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Adeodato Simó (Oct 27)
- Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Yanosz (Oct 27)
- Re: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Yanosz (Oct 27)
- Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Adeodato Simó (Oct 27)