DEC
20
2004

Security: Konqueror Java Vulnerability

A

security advisory

was issued today for

a vulnerability in Konqueror's handling of Java applets.

The issue was reported to
security@kde.org by
heise Security after a report of

a similar vulnerability in the Opera web browser
. All versions of KDE up to KDE 3.3.1 inclusive are affected. KDE 3.3.2 is not affected.

Comments

hopefully 3.3.2 will make into debian/unstable soon... :-)

btw and p.s.

how can it be possible that Lars Knoll still does *not* have cvs write access to the mozilla codebase?????

https://bugzilla.mozilla.org/show_bug.cgi?id=265484

Are mozilla not interested in participation of KDE?


By ac at Mon, 2004/12/20 - 6:00am

> Are mozilla not interested in participation of KDE?

The Mozilla developers have some rules that you must have attached patches which get applied to reports before you get a CVS account - even if you're the co-author of imported code (only the co-author who comes first gets an account immediately). Believe it or not. Additionally Lars was until today busy with Qt 4 Beta.


By Anonymous at Mon, 2004/12/20 - 6:00am

I think we can all support the idea of him working on Qt 4. :)


By Ian Monroe at Tue, 2004/12/21 - 6:00am

> The Mozilla developers have some rules that you must have attached patches
> which get applied to reports before you get a CVS account - even if you're the
> co-author of imported code (only the co-author who comes first gets an
> account immediately). Believe it or not.

Ok, thanks for the info. So it can only get better :-)


By ac at Tue, 2004/12/21 - 6:00am

Can anybody explain why bug #94164 is still open/unconfirmed and the latest comment is far away from confirming that the issue is resolved?


By Joe Random User at Tue, 2004/12/21 - 6:00am

Comment #4 is void, if you have the fix for the recent Konqueror Window Injection Vulnerability applied. It's just an (minor) issue, that the popup dialog in the mentioned test gets closed unexpectedly.


By Carlo at Tue, 2004/12/21 - 6:00am