Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.

To: 78518-done@bugs.debian.org, full-disclosure@lists.netsys.com, debian-security@lists.debian.org
Subject: Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
From: Yanosz <yanosz@gmx.net>, 2@murphy.debian.org
Date: Wed, 27 Oct 2004 17:20:28 +0200
Message-id: <[🔎] 200410271720.35734.yanosz@gmx.net>
In-reply-to: <[🔎] 20041027140007.GA360@chistera.yi.org>
References: <[🔎] 200410271545.21782.yanosz@gmx.net> <[🔎] 20041027140007.GA360@chistera.yi.org>

Greetings,...

Am Mittwoch, 27. Oktober 2004 16:00 schrieb Adeodato Simó:
> * Yanosz [Wed, 27 Oct 2004 15:45:21 +0200]:
> > Package: Konqueror
> > Version: 3.2.2-1 (sarge)
> > Severity: Important
> >
> > In contrast to other browsers like firefox, Konqueror allows JavaScript
> > to access other frames in a frameset, loaded with from different
> > (sub)domain. By that enclosed / secret data can be read through a hidden
> > frameset. See http://groenndemon.de/bla for demonstration.
>
>   please see http://bugs.debian.org/261740. version 3.2.3-1.sarge.1
>   (available in testing-proposed-updates) fixed the vulnerability and
>   will be included in sarge.

Ooops. Sorry.
Is stable affected as well?

Keep smiling
yanosz

Reply to:

References:
- KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
  - From: "Yanosz" <yanosz@gmx.net>
- Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
  - From: Adeodato Simó <asp16@alu.ua.es>

Prev by Date: Re: Security issue? Daemon users has to much rights...
Next by Date: Re: Security issue? Daemon users has to much rights...
Previous by thread: Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
Next by thread: Re: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
Index(es):
- Date
- Thread