Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
From: Yanosz <yanosz () gmx net>, 2 () netsys com
Date: Wed, 27 Oct 2004 17:20:28 +0200


Am Mittwoch, 27. Oktober 2004 16:00 schrieb Adeodato Simó:
* Yanosz [Wed, 27 Oct 2004 15:45:21 +0200]:
Package: Konqueror
Version: 3.2.2-1 (sarge)
Severity: Important

In contrast to other browsers like firefox, Konqueror allows JavaScript
to access other frames in a frameset, loaded with from different
(sub)domain. By that enclosed / secret data can be read through a hidden
frameset. See http://groenndemon.de/bla for demonstration.

  please see http://bugs.debian.org/261740. version 3.2.3-1.sarge.1
  (available in testing-proposed-updates) fixed the vulnerability and
  will be included in sarge.

Ooops. Sorry.
Is stable affected as well?

Keep smiling

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]