Konqueror does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ CAN-2004-0721 Affects: FC1 CAN-2004-0721 Affects: FC2
Created attachment 102455 [details] Proposed upstream patch
Created attachment 102456 [details] Proposed upstream patch
Created attachment 102457 [details] post-3.0.5b-kdebase-htmlframes.patch I'm reposting these so they make more sense.
Created attachment 102458 [details] post-3.0.5b-kdelibs-htmlframes.patch
Created attachment 102459 [details] post-3.1.5-kdebase-htmlframes.patch
Created attachment 102461 [details] post-3.1.5-kdelibs-htmlframes.patch
Created attachment 102462 [details] post-3.2.3-kdebase-htmlframes.patch
Created attachment 102463 [details] post-3.2.3-kdelibs-htmlframes.patch
it's fixed im current kdelibs-3.2.2-8.FC2/kdebase-3.2.2-6.FC2 packages.
http://www.redhat.com/archives/fedora-announce-list/2004-September/msg00010.html http://www.redhat.com/archives/fedora-announce-list/2004-September/msg00011.html