[Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.

From: Adeodato Simó (asp16_at_alu.ua.es)
Date: 10/27/04

Next message: Yanosz: "[Full-Disclosure] Re: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln."

Previous message: Kurt Lieber: "[Full-Disclosure] [ GLSA 200410-27 ] mpg123: Buffer overflow vulnerabilities"
Next in thread: Yanosz: "[Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln."
Reply: Yanosz: "[Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Yanosz <yanosz@gmx.net>, 278518-done@bugs.debian.org
Date: Wed, 27 Oct 2004 16:00:07 +0200

* Yanosz [Wed, 27 Oct 2004 15:45:21 +0200]:
> Package: Konqueror
> Version: 3.2.2-1 (sarge)
> Severity: Important

> In contrast to other browsers like firefox, Konqueror allows JavaScript to
> access other frames in a frameset, loaded with from different (sub)domain. By
> that enclosed / secret data can be read through a hidden frameset.
> See http://groenndemon.de/bla for demonstration.

  please see http://bugs.debian.org/261740. version 3.2.3-1.sarge.1
  (available in testing-proposed-updates) fixed the vulnerability and
  will be included in sarge.

you can use this version by adding this line to your sources.list:

deb http://your.mirror.debian.org/debian sarge-proposed-updates main

thanks,

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
If there is a sin against life, it consists perhaps not so much in
despairing of life as in hoping for another life and in eluding the
implacable grandeur of this life.
                -- Albert Camus
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Yanosz: "[Full-Disclosure] Re: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln."

Previous message: Kurt Lieber: "[Full-Disclosure] [ GLSA 200410-27 ] mpg123: Buffer overflow vulnerabilities"
Next in thread: Yanosz: "[Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln."
Reply: Yanosz: "[Full-Disclosure] Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: White flash between pages
... Such is life! ... > page renders. ... > There is nothing you can do about this, other than change the colour scheme, ... > or change from using frames - however in this case the flash would affect ...
(microsoft.public.frontpage.client)
Re: weird..
... im pretty sure its pre 03 only for the fact that in 03 the kh frames ... TRIALS 4 LIFE! ... *JONNY IS MY HERO!* ... trials_uni's Profile: http://www.unicyclist.com/profile/10953 ...
(rec.sport.unicycling)
Re: Good Day Yesterday ...
... I just cant get my head around what decent bikes cost now. ... Circumstances in life, i.e. raising family, lost ... my frames or equipment. ...
(uk.rec.cycling)
Re: MORE LUNACY FROM THE 20D !!!
... You know there's only 90,000 clicks life in a 20D? ... Time to count frames man. ... Specifications are good to read but ... I'm in the "how do the pictures look" category. ...
(rec.photo.equipment.35mm)
Re: Avril Lavigne
... Smart Ape - So Much Larger Than Life wrote: ... Great words won't cover ugly actions ... Good frames won't save bad paintings ...
(rec.sport.pro-wrestling)