Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
Anyone know whether Konqueror has this vulnerability?
The Firefox password manager vulnerability
Posted Nov 29, 2006 21:50 UTC (Wed) by stuart (subscriber, #623)
Posted Nov 30, 2006 8:22 UTC (Thu) by mms (subscriber, #11532)
So, is Konqueror vulnerable to this very problem? I'm not really sure.
Posted Nov 30, 2006 9:11 UTC (Thu) by nix (subscriber, #2304)
(Why [,;!] and not ?, I wonder? The comment in the code implies that this
is working around a `potential security issue' but doesn't say what that
Posted Nov 30, 2006 9:13 UTC (Thu) by khim (subscriber, #9252)
Previous answer was much better then your long tirada. Have you even read the article ?
The problem happens not when the wrong site shows the form. Problem happens when "trusted" site allow HTML in posts! Then you can put form with TARGET="malicious site" and fqdn or not fqdn - password will be sent to cracker...
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds