Bug#561754: qt4-x11: remote info disclosure via css

To: submit@bugs.debian.org
Subject: Bug#561754: qt4-x11: remote info disclosure via css
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sat, 19 Dec 2009 23:05:38 -0500
Message-id: <[🔎] 20091219230538.2622f0e8.michael.s.gilbert@gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 561754@bugs.debian.org

package: qt4-x11
version: 4:4.5.3-4 
severity: important
tags: security

hi,

it has been disclosed that it is possible for any website to query the
user's site viewing history via css.  please see [0].  i have not
personally checked whether this package is vulnerable, but it seems to
be a general css design issue, so all css-supporting browsers are
likely affected. please check, and feel free to close the bug if the
package is not affected.   thanks.

mike

[0]
http://thecoffeedesk.com/news/index.php/2009/08/02/view-remote-browser-history/
Hi,

Your package embeds source code from xulrunner, which makes
security updates very cumbersome, difficult, and potentially
error-prone.  Please update your package to make use of the
shared library.  Thank you for your attention on this matter.

Best wishes,
Mike

Reply to:

Prev by Date: Bug#561752: kdelibs: remote info disclosure via css
Next by Date: Bug#561753: kde4libs: remote info disclosure via css
Previous by thread: Bug#561752: kdelibs: remote info disclosure via css
Next by thread: Bug#561753: kde4libs: remote info disclosure via css
Index(es):
- Date
- Thread