|
|
Family: Debian Local Security Checks --> Category: infos
[DSA167] DSA-167-1 kdelibs Vulnerability Scan
Vulnerability Scan Summary
DSA-167-1 kdelibs
Detailed Explanation for this Vulnerability Test
A cross site scripting problem has been discovered in Konqueror, a
famous browser for KDE and other programs using KHTML. The KDE team
reports
that Konqueror's cross site scripting protection fails to
initialize the domains on sub-(i)frames correctly. As a result,
JavaScript is able to access any foreign subframe which is defined in
the HTML source. Users of Konqueror and other KDE software that uses
the KHTML rendering engine may become victim of a cookie stealing and
other cross site scripting attacks.
This problem has been fixed in version 2.2.2-13.woody.3 for the
current stable distribution (woody) and in version 2.2.2-14 for the
unstable distribution (sid). The old stable distribution (potato) is
not affected since it didn't ship KDE.
We recommend that you upgrade your kdelibs package and restart
Konqueror.
Solution : http://www.debian.org/security/2002/dsa-167
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
