List: konq-bugs
Subject: JavaScript's "Same Origin Policy" (XWT Foundation Security Advisory)
From: Vadim Plessky <lucy-ples () mtu-net ! ru>
Date: 2002-07-31 12:39:16
I am wondering whether Konqueror is vulnerable to this security flaw?
If not - I think we should announce that Konq is safe against this flaw.
// It seems Mozilla project was notified about this flaw, and Konqueror's team
- not. Not very fair!
***
XWT Foundation Security Advisory
Adam Megacz <adam@xwt.org>
http://www.xwt.org/sop.txt
29-Jul-2002 [Public Release]
______________________________________________________________________________
Abstract
The following exploit constitutes a security flaw in JavaScript's
"Same Origin Policy" (SOP) [1]. Please note that this is *not* the
IE-specific flaw reported in February [2].
The exploit allows an attacker to use any JavaScript-enabled web
browser behind a firewall to retrieve content from (HTTP GET) and
interact with (HTTP <form/> POST) any HTTP server behind the
firewall. If the client in use is Microsoft Internet Explorer 5.0+,
Mozilla, or Netscape 6.2+, the attacker can also make calls to SOAP or
XML-RPC web services deployed behind the firewall.
...
01-Jul Advisory updated; SOAP/XML-RPC also vulnerable if client is
Microsoft Internet Explorer.
Microsoft Notified: secure@microsoft.com
Apache Foundation Notified: security@apache.org
Mozilla Project Notified: security@mozilla.org
CERT Notified: cert@cert.org
--
Vadim Plessky
http://kde2.newmail.ru (English)
33 Window Decorations and 6 Widget Styles for KDE
http://kde2.newmail.ru/kde_themes.html
KDE mini-Themes
http://kde2.newmail.ru/themes/
_______________________________________________
Konq-bugs mailing list
Konq-bugs@mail.kde.org
http://mail.kde.org/mailman/listinfo/konq-bugs