Security: Konqueror Java Vulnerability

A

security advisory

was issued today for

a vulnerability in Konqueror's handling of Java applets.

The issue was reported to
[email protected] by
heise Security after a report of

a similar vulnerability in the Opera web browser
. All versions of KDE up to KDE 3.3.1 inclusive are affected. KDE 3.3.2 is not affected.

Dot Categories: 

Comments

by ac (not verified)

hopefully 3.3.2 will make into debian/unstable soon... :-)

btw and p.s.

how can it be possible that Lars Knoll still does *not* have cvs write access to the mozilla codebase?????

https://bugzilla.mozilla.org/show_bug.cgi?id=265484

Are mozilla not interested in participation of KDE?

by Anonymous (not verified)

> Are mozilla not interested in participation of KDE?

The Mozilla developers have some rules that you must have attached patches which get applied to reports before you get a CVS account - even if you're the co-author of imported code (only the co-author who comes first gets an account immediately). Believe it or not. Additionally Lars was until today busy with Qt 4 Beta.

by Ian Monroe (not verified)

I think we can all support the idea of him working on Qt 4. :)

by ac (not verified)

> The Mozilla developers have some rules that you must have attached patches
> which get applied to reports before you get a CVS account - even if you're the
> co-author of imported code (only the co-author who comes first gets an
> account immediately). Believe it or not.

Ok, thanks for the info. So it can only get better :-)

by Joe Random User (not verified)

Can anybody explain why bug #94164 is still open/unconfirmed and the latest comment is far away from confirming that the issue is resolved?

by Carlo (not verified)

Comment #4 is void, if you have the fix for the recent Konqueror Window Injection Vulnerability applied. It's just an (minor) issue, that the popup dialog in the mentioned test gets closed unexpectedly.