[Full-Disclosure] KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.

From: Yanosz (yanosz_at_gmx.net)
Date: 10/27/04

    To: submit@bugs.debian.org
    Date: Wed, 27 Oct 2004 15:45:21 +0200
    
    

    Package: Konqueror
    Version: 3.2.2-1 (sarge)
    Severity: Important

    In contrast to other browsers like Firefox, Konqueror allows JavaScript to
    access other frames in a frameset that are loaded from a different
    (sub)domain. By that, enclosed / secret data can be read through a hidden
    frameset.
    See http://groenndemon.de/bla for demonstration.

    (I'd also like to thank the webmaster for motivating me to explore that issue
    and setting up a webpage for demonstration)

    (Translation: Action Ändern -> Change action
    Passwort klauen -> steal password
    Abschicken -> submit)

    Please verify this issue on other versions - 3.1.4 seems to be affected as
    well.

    Keep smiling
    yanosz

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
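
The report above is about script in one frame reading frames loaded from a different (sub)domain. As an added example (not part of the original message and not Konqueror's code), this sketch models the same-origin comparison of scheme, host and port that a browser is expected to apply before allowing such access; the frame names and example.test URLs are constructed sample values.

```javascript
// Added illustration; all URLs below are constructed sample values.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Return the (scheme, host, port) tuple for a URL, or null for schemes
// with an opaque origin (data:, about:, file: and so on).
function originTuple(urlString) {
  const u = new URL(urlString);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol], // URL drops default ports
  };
}

// Two documents share an origin only if all three parts match exactly.
// A sibling or parent (sub)domain is a different origin.
function sameOrigin(a, b) {
  const oa = originTuple(a);
  const ob = originTuple(b);
  if (oa === null || ob === null) return false; // opaque never matches
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// For a script running in `scriptFrame`, list the other frames of the
// frameset whose documents it should be allowed to read.
function readableFrames(frameset, scriptFrame) {
  const src = frameset[scriptFrame];
  return Object.keys(frameset).filter(
    (name) => name !== scriptFrame && sameOrigin(src, frameset[name])
  );
}

// Constructed frameset: a visible page plus a hidden frame on a sibling
// subdomain, a same-origin helper frame, and an https variant.
const frameset = {
  visible: 'http://www.example.test/index.html',
  hidden: 'http://mail.example.test/inbox',
  helper: 'http://www.example.test:80/menu.html',
  secure: 'https://www.example.test/account',
  blank: 'about:blank',
};

console.log(readableFrames(frameset, 'visible'));
```

With this check in place, the script in the visible frame can reach only the helper frame; the hidden frame on the sibling subdomain stays unreadable.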

