Family: Debian Local Security Checks --> Category: infos
[DSA167] DSA-167-1 kdelibs Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
A cross site scripting problem has been discovered in Konqueror, a
famous browser for KDE and other programs using KHTML. The KDE team
that Konqueror's cross site scripting protection fails to
initialize the domains on sub-(i)frames correctly. As a result,
the HTML source. Users of Konqueror and other KDE software that uses
the KHTML rendering engine may become victim of a cookie stealing and
other cross site scripting attacks.
This problem has been fixed in version 2.2.2-13.woody.3 for the
current stable distribution (woody) and in version 2.2.2-14 for the
unstable distribution (sid). The old stable distribution (potato) is
not affected since it didn't ship KDE.
We recommend that you upgrade your kdelibs package and restart
Solution : http://www.debian.org/security/2002/dsa-167
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.