[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.

Package: Konqueror
Version: 3.2.2-1 (sarge)
Severity: Important

In contrast to other browsers like firefox, Konqueror allows JavaScript to 
access other frames in a frameset, loaded with from different (sub)domain. By 
that enclosed / secret data can be read through a hidden frameset.
See http://groenndemon.de/bla for demonstration.

(I'd like also to thank the webmaster for motivating me to explore that issue 
and setting a wegpage up for demonstration)

(Translation: Action Ändern -> Change action
Passwort klauen -> steel password
Abschicken -> submit)

Please verify this issue on other versions - 3.1.4 seems to be affected as 

Keep smiling

Reply to: