• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

KDE Konqueror Sub-Frames Script Execution Vulnerability

When a browser window opens another window, security checks should prevent the parent from accessing the child if the latter is of another domain.

It has been reported that Konqeuror does not properly set the domain of sub-frames or sub-iframes correctly. It is possible for a parent window to set the URL of frames or iframes within a child window regardless of the domain. This has serious security implications as the parent can cause script code to be executed within the context of the child domain.

Other software that uses the KHTML interpreter is also prone to this issue.