
Debian: DSA 167-1 Moderate: Konqueror Cross-Site Scripting Risk

September 16, 2002
A security advisory for Debian users of Konqueror addressing a cross site scripting risk affecting KDE software.
Users of Konqueror and other KDE software that use the KHTML rendering engine may become victims of cookie stealing and other cross site scripting attacks.

Summary

A cross site scripting problem has been discovered in Konqueror, a
famous browser for KDE, and other programs using KHTML. The KDE team
reports that Konqueror's cross site scripting protection fails to
initialize the domains on sub-(i)frames correctly. As a result,
JavaScript is able to access any foreign subframe which is defined in
the HTML source. Users of Konqueror and other KDE software that use
the KHTML rendering engine may become victims of cookie stealing and
other cross site scripting attacks.

This problem has been fixed in version 2.2.2-13.woody.3 for the
current stable distribution (woody) and in version 2.2.2-14 for the
unstable distribution (sid). The old stable distribution (potato) is
not affected since it didn't ship KDE.

We recommend that you upgrade your kdelibs package and restart
Konqueror.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given...


Package: Konqueror
