W3M Frame Enabled Browsing Cross Site Scripting Vulnerability

W3M Frame Enabled Browsing Cross Site Scripting Vulnerability

Solution:
It is recommended that all Gentoo Linux users who are running
net-www/w3m upgrade to w3m-0.3.2.2 as follows:

emerge sync
emerge -u w3m
emerge clean

OpenPKG has released a security advisory (OpenPKG-SA-2003.009) which contains information on how to obtain fixes via ftp. OpenPKG users are advised to upgrade their w3m packages as soon as possible.

Fixes available:

W3M W3M 0.2

RedHat w3m-0.3.1-4.7.1.1.i386.rpm
ftp://updates.redhat.com/7.0/ja/os/i386/w3m-0.3.1-4.7.1.1.i386.rpm

W3M W3M 0.2.1

RedHat w3m-0.3.1-4.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/w3m-0.3.1-4.7.2.i386.rpm

RedHat w3m-0.3.1-4.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/w3m-0.3.1-4.7.2.ia64.rpm

W3M w3mmee 0.3 .p23.3

Debian w3mmee-img_0.3.p23.3-1.5_alpha.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_alpha.deb

Debian w3mmee-img_0.3.p23.3-1.5_arm.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_arm.deb

Debian w3mmee-img_0.3.p23.3-1.5_hppa.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_hppa.deb

Debian w3mmee-img_0.3.p23.3-1.5_i386.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_i386.deb

Debian w3mmee-img_0.3.p23.3-1.5_ia64.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_ia64.deb

Debian w3mmee-img_0.3.p23.3-1.5_m68k.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_m68k.deb

Debian w3mmee-img_0.3.p23.3-1.5_mips.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_mips.deb

Debian w3mmee-img_0.3.p23.3-1.5_mipsel.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_mipsel.deb

Debian w3mmee-img_0.3.p23.3-1.5_powerpc.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_powerpc.deb

Debian w3mmee-img_0.3.p23.3-1.5_s390.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_s390.deb

Debian w3mmee-img_0.3.p23.3-1.5_sparc.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p 23.3-1.5_sparc.deb

Debian w3mmee_0.3.p23.3-1.5_alpha.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_alpha.deb

Debian w3mmee_0.3.p23.3-1.5_arm.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_arm.deb

Debian w3mmee_0.3.p23.3-1.5_hppa.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_hppa.deb

Debian w3mmee_0.3.p23.3-1.5_i386.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_i386.deb

Debian w3mmee_0.3.p23.3-1.5_ia64.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_ia64.deb

Debian w3mmee_0.3.p23.3-1.5_m68k.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_m68k.deb

Debian w3mmee_0.3.p23.3-1.5_mips.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_mips.deb

Debian w3mmee_0.3.p23.3-1.5_mipsel.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_mipsel.deb

Debian w3mmee_0.3.p23.3-1.5_powerpc.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_powerpc.deb

Debian w3mmee_0.3.p23.3-1.5_s390.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_s390.deb

Debian w3mmee_0.3.p23.3-1.5_sparc.deb
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3 -1.5_sparc.deb

W3M w3mmee-ssl 0.3 .p23.3

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_alpha.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_alpha.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_arm.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_arm.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_hppa.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_hppa.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_i386.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_i386.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_ia64.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_ia64.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_m68k.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_m68k.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_mips.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_mips.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_mipsel.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_mipsel.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_powerpc.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_powerpc.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_s390.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_s390.deb

Debian w3mmee-ssl_0.3.p23.3-1.5.woody_sparc.deb
Debian 3.0 woody.
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0 .3.p23.3-1.5_sparc.deb

W3M W3M 0.3

Debian w3m-img_0.3-2.4.woody_alpha.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_alp ha.deb

Debian w3m-img_0.3-2.4.woody_hppa.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_hpp a.deb

Debian w3m-img_0.3-2.4.woody_i386.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_i38 6.deb

Debian w3m-img_0.3-2.4.woody_m68k.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_m68 k.deb

Debian w3m-img_0.3-2.4.woody_mips.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_mip s.deb

Debian w3m-img_0.3-2.4.woody_mipsel.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_mip sel.deb

Debian w3m-img_0.3-2.4.woody_powerpc.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_pow erpc.deb

Debian w3m-img_0.3-2.4.woody_s390.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_s39 0.deb

Debian w3m-img_0.3-2.4.woody_sparc.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_spa rc.deb

Debian w3m-ssl_0.3-2.4.woody_alpha.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _alpha.deb

Debian w3m-ssl_0.3-2.4.woody_arm.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _arm.deb

Debian w3m-ssl_0.3-2.4.woody_hppa.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _hppa.deb

Debian w3m-ssl_0.3-2.4.woody_i386.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _i386.deb

Debian w3m-ssl_0.3-2.4.woody_m68k.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _m68k.deb

Debian w3m-ssl_0.3-2.4.woody_mips.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _mips.deb

Debian w3m-ssl_0.3-2.4.woody_mipsel.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _mipsel.deb

Debian w3m-ssl_0.3-2.4.woody_powerpc.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _powerpc.deb

Debian w3m-ssl_0.3-2.4.woody_s390.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _s390.deb

Debian w3m-ssl_0.3-2.4.woody_sparc.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4 _sparc.deb

Debian w3m_0.3-2.4.woody_alpha.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_alpha.d eb

Debian w3m_0.3-2.4.woody_arm.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_arm.deb

Debian w3m_0.3-2.4.woody_hppa.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_hppa.de b

Debian w3m_0.3-2.4.woody_i386.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_i386.de b

Debian w3m_0.3-2.4.woody_m68k.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_m68k.de b

Debian w3m_0.3-2.4.woody_mips.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_mips.de b

Debian w3m_0.3-2.4.woody_mipsel.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_mipsel. deb

Debian w3m_0.3-2.4.woody_powerpc.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_powerpc .deb

Debian w3m_0.3-2.4.woody_s390.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_s390.de b

Debian w3m_0.3-2.4.woody_sparc.deb
Debian woody 3.0.
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_sparc.d eb

RedHat w3m-0.3.1-4.7x.1.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/w3m-0.3.1-4.7x.1.i386.rpm

W3M W3M 0.3.1

Conectiva w3m-0.3.1-105.i586.rpm
ftp://ul.conectiva.com.br/updates/1.0/i386/RPMS.core/w3m-0.3.1-105.i58 6.rpm

RedHat w3m-0.3.1-6.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/w3m-0.3.1-6.i386.rpm

W3M W3M 0.3.2

W3M w3m-0.3.2.2.tar.gz
http://prdownloads.sourceforge.net/w3m/w3m-0.3.2.2.tar.gz?download