Re: Konqueror - security hole or bug?
On 06/15/2016 04:22 AM, tomas@tuxteam.de wrote:
> On Wed, Jun 15, 2016 at 09:32:18AM +0200, Hans wrote:
> > Dear community,
>
> > I found a strange behaviour with konqueror (does anyone use it?) and
> I believe
> > it is either a bug or a security problem.
>
> > the problem is the following:
>
> [browser generates lots of traffic]
>
> Well, browsers are designed to do that. Any javascript snippet served
> to you by e.g. www.heise.de or youtube.com may be phoning home anytime
> to "afford to you an awesome user experience".
>
> It might be pretty instructive to try to find out what *exactly* is
> going on (I sometimes do) -- but my "solution" is to disable javascript
> in my browser (these days, it takes some poking, but it's still
> possible). I have one browser profile with javascript enabled for
> the seldom cases I care enough about the functionality.
>
> Sad, but true.
>
> regards
> -- t
While javascript sounds like a likely culprit, the mention of konqueror
having been closed or in a shutdown sequence while still acting that way
seems kind of odd. It could possibly hint at javascript not being
sandboxed such as to only have access to the tab or window from which it
originates. I'm sure we all know why that would be less than ideal.
It may be worth testing further to ensure that this *is* indeed the case.
- Leon
Reply to: