| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Cross-site scripting vulnerability in Konqueror for KDE 3.0.3
| Package(s): | kdelibs | CVE #(s): | |||||||||||||
| Created: | September 17, 2002 | Updated: | November 18, 2002 | ||||||||||||
| Description: | Konqueror for KDE 3.0.3, and earlier versions, is subject to this cross-site scripting vulnerability. Since the problem is in kdelibs, any other application which uses the KHTML renderer is also vulnerable. Javascript code running in one frame can access other frames which should be inaccessible. The problem is fixed in kdelibs 3.0.3a. | ||||||||||||||
| Alerts: |
| ||||||||||||||
(Log in to post comments)
Cross-site scripting vulnerability in Konqueror for KDE 3.0.3
Posted Sep 19, 2002 7:59 UTC (Thu) by dannys (guest, #3651) [Link]
It should be noted that this also affects KDE 2.2.2, which is what the DSA listed above was talking about. 3.0.3a packages, which fix the vulnerability, are available from <a href="http://davidpashley.com/debian-kde/faq.html">the usual place</a>.
Cross-site scripting vulnerability in Konqueror for KDE 3.0.3
Posted Sep 19, 2002 8:00 UTC (Thu) by dannys (guest, #3651) [Link]
Agh, forgot to select HTML. I'm sure you can figure out <a/> syntax, tho. :)