KDE Security Advisory: khtml/konqueror title XSS vulnerability
Original Release Date: 2007-02-06
URL: http://www.kde.org/info/security/advisory-20070206-1.txt
0. References
CVE-2007-0537
1. Systems affected:
KDE including KDE 3.5.6.
2. Overview:
Jose Avila noticed that there is a possibility to inject
javascript references in
tags on websites that allow
user supplied data to be embeded inside the page title and
do not properly escape the text.
3. Impact:
On affected websites it is possible to conduct XSS attacks
and steal authorisation data.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
Patch for KDE 3.5.6 and newer
ftp://ftp.kde.org/pub/kde/security_patches :
edc2cba17795356e98eba6f3841c6277 post-3.5.6-kdelibs.diff