Bug#378962: konqueror: CVE-2006-3672: remote denial of service (crash)
Alec Berryman wrote:
> CVE-2006-3672: "KDE Konqueror 3.5.1 and earlier allows remote attackers
> to cause a denial of service (application crash) by calling the
> replaceChild method on a DOM object, which triggers a null dereference,
> as demonstrated by calling document.replaceChild with a 0 (zero)
> argument."
>
> I have reproduced this with 4:3.5.3-2 using [1]. A backtrace is
> attached.
>
> I have not yet confirmed if this issue affects sarge.
Thanks, this doesn't affect stable, at least not with the reproducer
above.
Cheers,
Moritz
Reply to: