lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20041027140007.GA360@chistera.yi.org>
From: asp16 at alu.ua.es (Adeodato Simó)
Subject: Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.

* Yanosz [Wed, 27 Oct 2004 15:45:21 +0200]:
> Package: Konqueror
> Version: 3.2.2-1 (sarge)
> Severity: Important

> In contrast to other browsers like firefox, Konqueror allows JavaScript to 
> access other frames in a frameset, loaded with from different (sub)domain. By 
> that enclosed / secret data can be read through a hidden frameset.
> See http://groenndemon.de/bla for demonstration.

  please see http://bugs.debian.org/261740. version 3.2.3-1.sarge.1
  (available in testing-proposed-updates) fixed the vulnerability and
  will be included in sarge.

  you can use this version by adding this line to your sources.list:

    deb http://your.mirror.debian.org/debian sarge-proposed-updates main

  thanks,

-- 
Adeodato Sim?
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
If there is a sin against life, it consists perhaps not so much in
despairing of life as in hoping for another life and in eluding the
implacable grandeur of this life.
                -- Albert Camus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ