List:       oss-security
Subject:    Re: [oss-security] Universal XSS in Rekonq
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-07-21 17:56:43
Message-ID: 88743937.1126661279735003935.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2010-2536

Thanks.

-- 
    JB

----- "Tim Brown" <timb@nth-dimension.org.uk> wrote:

> Hi guys,
> 
> Can a CVE be assigned for the universal XSS in Rekonq
> (https://bugs.kde.org/show_bug.cgi?id=217464)?  Essentially, the error page
> displayed when a requested URL is not available includes said URL.  If said
> URL includes HTML fragments these will be rendered in the context of the
> requested URL.  If you request something like
> http://wontresolve.twitter.com/"><script>alert(document.cookies)</script>
> then you may very well snare your Twitter cookies.
> 
> Originally when I reported this bug to the Rekonq developers, it was a very
> small project without much following, however Rekonq is starting to make its
> way into multiple distros so I thought it was probably time to flag it up.
> 
> Quick history:
> 05/12/09 Reported by me against Rekonq 0.4
> 05/12/09 Added note that it also appears to affect Qt's demo browser
> 05/12/09 KDE patch kwebkitpart
> 07/12/09 Confirmed by Rekonq developers
> 13/04/10 Reported resolved by developers
> 14/07/10 Retested on 0.5 and found still to be vulnerable
> 
> Cheers,
> Tim
> -- 
> Tim Brown
> <mailto:timb@nth-dimension.org.uk>
> <http://www.nth-dimension.org.uk/>
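
Added example, not part of either message and not Rekonq's code: a sketch of the error-page pattern the report describes (the unavailable URL echoed into the page) next to a version that HTML-escapes the URL first. The function names, the page markup and the sample hostname are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Escape the characters that can change HTML parsing context, so the URL
// stays inert both as element text and inside a quoted attribute value.
std::string htmlEscape(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Pattern from the report: the failed URL is pasted into the page as-is.
// The markup is hypothetical; only the unescaped echo matters.
std::string errorPageUnsafe(const std::string& url) {
    return "<html><body><h1>Unable to load page</h1>"
           "<p>Could not reach <a href=\"" + url + "\">" + url + "</a></p>"
           "</body></html>";
}

// Hardened form: escape once, then reuse the escaped value in every context.
std::string errorPageSafe(const std::string& url) {
    const std::string u = htmlEscape(url);
    return "<html><body><h1>Unable to load page</h1>"
           "<p>Could not reach <a href=\"" + u + "\">" + u + "</a></p>"
           "</body></html>";
}

int main() {
    // Constructed sample input modelled on the shape of the URL in the report.
    const std::string url =
        "http://wontresolve.example.invalid/\"><script>alert(1)</script>";
    std::cout << errorPageUnsafe(url) << "\n\n" << errorPageSafe(url) << "\n";
    return 0;
}
```

Escaping only stops the markup injection; the report also notes that the error page is rendered in the context of the requested URL, which is what gives any injected script access to that site's cookies.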