Version: (using KDE KDE 3.3.1)
Installed from: Gentoo Packages

The following browser tests
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
http://bcheck.scanit.be/bcheck/
let one assume that konqueror is vulnerable, even though fixed java versions are in use (sun-jdk 1.4.2_06, blackdown-jdk-1.4.2_01).

For reference: http://bugs.gentoo.org/show_bug.cgi?id=72750
this went into 3.3.2
I did not investigate further. Is this similar to Opera's recent Java sandbox problem, or a minor issue? Does it need to be backported for KDE 3.2.3?
Reopening for two reasons:
- A bit more information about the issue would be fine.
- Trying the java (#1) test from http://bcheck.scanit.be/bcheck/, konqueror 3.3.2 pops up a window asking if I want to let javascript open a new window, but then closes it again after a second. Either ask or not, but don't "withdraw" an opened dialog window.
It's even worse: Executing the second test from http://secunia.com/advisories/11978/ (Bug 84352: Browser Frame Injection Vulnerability) opens the above named dialog ~20 times (infinite, but hit some constraint/max constant?), forcing me to kill konqueror and all the kio_http connections.
Fixed, see http://www.kde.org/info/security/advisory-20041220-1.txt for more information.
Please open a new bug report if you encounter problems with popup dialogs.