Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 225414 - CVE-2007-0537 Konqueror improper HTML comment rendering
Summary: CVE-2007-0537 Konqueror improper HTML comment rendering
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kdelibs
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Ngo Than
QA Contact: Radek Bíba
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-01-30 15:25 UTC by Josh Bressers
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-21 10:47:52 UTC


Attachments (Terms of Use)
Demo HTML file. This file should not display an alert dialog. (deleted)
2007-01-30 15:25 UTC, Josh Bressers
no flags Details

Description Josh Bressers 2007-01-30 15:25:27 UTC
A flaw was reported in the way Konqueror processes HTML which contains a comment
used in a certain manner.  It is possible to conduct a cross site scripting flaw
on sites that allow a user to enter HTML comments, which Konqueror will then
parse incorrectly, causing the site to display unintended content.

Comment 1 Josh Bressers 2007-01-30 15:25:27 UTC
Created attachment 146918 [details]
Demo HTML file.  This file should not display an alert dialog.

Comment 2 Josh Bressers 2007-01-30 15:29:54 UTC
This flaw also affects RHEL3.  I was unable to reproduce this flaw on RHEL2.1

Comment 3 Josh Bressers 2007-02-02 21:27:02 UTC
I'm lowering the severity of this flaw to low.  Dirk Mueller clarified this
flaw.  It only affects placing comments in the <title> HTML tags.  This
significantly reduces the usefulness of this flaw.

Comment 6 Josh Bressers 2007-04-25 13:49:11 UTC
I'm moving this bug to cover RHEL5, which means that it affects RHEL 3, 4, and 5.

Comment 10 Mark J. Cox 2007-08-21 10:47:52 UTC
Closing as deferred, we may fix this in a future update but do not plan on
fixing due to this issue.  Removing flags as it's not approved for RHEL update
at this time.


Note You need to log in before you can comment on or make changes to this bug.