
KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabilities

KDE Konqueror is a freely available, open source web browser distributed and maintained by the KDE project. It is available for the UNIX and Linux operating systems.

Multiple remote Java sandbox bypass vulnerabilities affect KDE Konqueror. These issues are due to a failure of the application to properly secure the Java web plug-in.

The first issue is a failure of the application to restrict access to sensitive Java classes from the Java browser plug-in. The second issue is a failure of the application to restrict access to sensitive Java classes from JavaScript scripts.

These issues may be leveraged to carry out a variety of unspecified attacks, including sensitive information disclosure and denial of service. Any successful exploitation would take place with the privileges of the user running the affected browser application.







 

Copyright 2008, SecurityFocus