Summary: | recent java/javascript sandbox bypassing issue seems still to work with fixed java versions | |
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | Carsten Lohrke <carstenlohrke> |
Component: | kjava | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED FIXED | |
Severity: | critical | |
Priority: | NOR | |
Version: | unspecified | |
Target Milestone: | --- | |
Platform: | Gentoo Packages | |
OS: | Linux | |
Latest Commit: | | Version Fixed In: |
Description
Carsten Lohrke
2004-11-30 13:42:38 UTC
This went into 3.3.2. I did not investigate further. Is this similar to Opera's recent Java sandbox problem, or a minor issue? Does it need to be backported for KDE 3.2.3?

Reopening for two reasons:

- A bit more information about the issue would be fine.
- Trying the java (#1) test from http://bcheck.scanit.be/bcheck/, konqueror 3.3.2 pops up a window, asking if I want to let javascript open a new window, but then closes it again after a second. Either ask or not, but don't "withdraw" an opened dialog window.

It's even worse: Executing the second test from http://secunia.com/advisories/11978/ (Bug 84352: Browser Frame Injection Vulnerability) opens the above named dialog ~20 times (infinite, but hit some constraint/max constant?), forcing me to kill konqueror and all the kio_http connections.

Fixed, see: http://www.kde.org/info/security/advisory-20041220-1.txt for more information.

Please open a new bug report if you encounter problems with popup dialogs.