List: oss-security
Subject: Re: [oss-security] Universal XSS in Rekonq
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-07-21 17:56:43
Message-ID: 88743937.1126661279735003935.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Please use CVE-2010-2536
Thanks.
--
JB
----- "Tim Brown" <timb@nth-dimension.org.uk> wrote:
> Hi guys,
>
> Can a CVE be assigned for the universal XSS in Rekonq
> (https://bugs.kde.org/show_bug.cgi?id=217464). Essentially, the error page
> displayed when a requested URL is not available includes said URL. If said
> URL includes HTML fragments these will be rendered in the context of the
> requested URL. If you request something like
> http://wontresolve.twitter.com/"><script>alert(document.cookies)</script>
> then you may very well snare your Twitter cookies.
>
> Originally when I reported this bug to the Rekonq developers, it was a very
> small project without much following, however Rekonq is starting to make its
> way into multiple distros so I thought it was probably time to flag it up.
>
> Quick history:
> 05/12/09 Reported by me against Rekonq 0.4
> 05/12/09 Added note that it also appears to affect Qt's demo browser
> 05/12/09 KDE patch kwebkitpart
> 07/12/09 Confirmed by Rekonq developers
> 13/04/10 Reported resolved by developers
> 14/07/10 Retested on 0.5 and found still to be vulnerable
>
> Cheers,
> Tim
> --
> Tim Brown
> <mailto:timb@nth-dimension.org.uk>
> <http://www.nth-dimension.org.uk/>
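
The flaw described in the quoted report, shown beside its fix, as an added example that is not part of the original thread and is not Rekonq's code. The function names and the error-page markup are assumptions made for illustration; the sample URL is the one quoted in the report.

```cpp
#include <iostream>
#include <string>

// Escape text so it is inert in HTML element content and in quoted
// attribute values.
std::string htmlEscape(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// The 'before' pattern: the requested URL is pasted into the markup as-is,
// so HTML fragments inside it become part of the error page.
std::string errorPageUnescaped(const std::string& url) {
    return "<html><body><h1>Page not available</h1><p>Could not load "
           "<a href=\"" + url + "\">" + url + "</a></p></body></html>";
}

// Hardened: every copy of the URL is escaped before it reaches the markup
// (hypothetical template, same layout as above).
std::string errorPageEscaped(const std::string& url) {
    const std::string safe = htmlEscape(url);
    return "<html><body><h1>Page not available</h1><p>Could not load "
           "<a href=\"" + safe + "\">" + safe + "</a></p></body></html>";
}

int main() {
    // URL taken from the report quoted above.
    const std::string url =
        "http://wontresolve.twitter.com/\"><script>alert(document.cookies)</script>";
    std::cout << errorPageUnescaped(url) << "\n\n"
              << errorPageEscaped(url) << "\n";
    return 0;
}
```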