[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.

To: 78518-done@xxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx, debian-security@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
From: Yanosz <yanosz@xxxxxxx>, 2@xxxxxxxxxx
Date: Wed, 27 Oct 2004 17:20:28 +0200

Greetings,...

Am Mittwoch, 27. Oktober 2004 16:00 schrieb Adeodato Simó:
> * Yanosz [Wed, 27 Oct 2004 15:45:21 +0200]:
> > Package: Konqueror
> > Version: 3.2.2-1 (sarge)
> > Severity: Important
> >
> > In contrast to other browsers like firefox, Konqueror allows JavaScript
> > to access other frames in a frameset, loaded with from different
> > (sub)domain. By that enclosed / secret data can be read through a hidden
> > frameset. See http://groenndemon.de/bla for demonstration.
>
>   please see http://bugs.debian.org/261740. version 3.2.3-1.sarge.1
>   (available in testing-proposed-updates) fixed the vulnerability and
>   will be included in sarge.

Ooops. Sorry.
Is stable affected as well?

Keep smiling
yanosz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
  - From: Yanosz
- [Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
  - From: Adeodato Simó

Prev by Date: [Full-Disclosure] [ GLSA 200410-28 ] rssh: Format string vulnerability
Next by Date: [Full-Disclosure] Crashs in Master of Orion III 1.2.5
Previous by thread: [Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
Next by thread: [Full-Disclosure] [ GLSA 200410-28 ] rssh: Format string vulnerability
Index(es):
- Date
- Thread