| Summary: | recent java/javascript sandbox bypassing issue seems still to work with fixed java versions | ||
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | Carsten Lohrke <carstenlohrke> |
| Component: | kjava | Assignee: | Konqueror Bugs <konqueror-bugs-null> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | ||
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Gentoo Packages | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
|
Description
Carsten Lohrke
2004-11-30 13:42:38 UTC
this went into 3.3.2 I did not investigate further. Is this similar to Opera's recent Java sandbox problem, or a minor issue? Does it need to be backported for KDE 3.2.3? Reopening for two reasons: - A bit more information about the issue would be fine. - Trying the java (#1) test from http://bcheck.scanit.be/bcheck/, konqueror 3.3.2 pops up a window, asking if I want to let javascript to open a new window, but then closes it again after a second. Either ask or not, but don't "withdraw" an opened dialog window. It's even worse: Executing the second test from http://secunia.com/advisories/11978/ (Bug 84352: Browser Frame Injection Vulnerability) opens the above named dialog ~20 times (infinite, but hit some constraint/max constant?), forcing me to kill konqueror and all the kio_http connections. Fixed see: http://www.kde.org/info/security/advisory-20041220-1.txt for more information Please open a new bugreport if you encounter problems with popup dialogs. |