Bug#561754: qt4-x11: remote info disclosure via css
package: qt4-x11
version: 4:4.5.3-4
severity: important
tags: security
hi,
it has been disclosed that it is possible for any website to query the
user's site viewing history via css. please see [0]. i have not
personally checked whether this package is vulnerable, but it seems to
be a general css design issue, so all css-supporting browsers are
likely affected. please check, and feel free to close the bug if the
package is not affected. thanks.
mike
[0]
http://thecoffeedesk.com/news/index.php/2009/08/02/view-remote-browser-history/
Hi,
Your package embeds source code from xulrunner, which makes
security updates very cumbersome, difficult, and potentially
error-prone. Please update your package to make use of the
shared library. Thank you for your attention on this matter.
Best wishes,
Mike
Reply to: