Mandriva Linux Security Advisory - The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. Also affects kdelibs 3.5.6, as per KDE official advisory.
a21172bcbb0303e9d0b0f74bfcca190017f7bf6cc6ef8607c778e1fbac5a72a9Gentoo Linux Security Advisory GLSA 200703-10 - The KHTML code allows for the execution of JavaScript code located inside the Title HTML element, a related issue to the Safari error found by Jose Avila. Versions less than 3.5.5-r8 are affected.
bcced2e9620602f6184ded8df9419abb96205767c97f5c62bad6a71665af370aUbuntu Security Notice 420-1 - Jose Avila III and Robert Tasarz discovered that the KDE HTML library did not correctly parse HTML comments inside the "title" tag. By tricking a Konqueror user into visiting a malicious website, an attacker could bypass cross-site scripting protections.
8c17e44af51cc760d19a656310e66096e4ed218eb06df338db24e90bbd00b6f5Mandriva Linux Security Advisory - FIXME Konqueror 3.5.5 does not properly parse HTML comments in title tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478.
851720883aa79e0a8bee69fbeda498c78c19f0a54b306d8e270b0bd87cd1eacd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed