*** This bug has been split off bug 143435 ***

------- Original comment by Josh Bressers (Security Response Team) on 2004.12.20 15:07 -------

Two flaws in the Konqueror web browser make it possible to bypass the sandbox environment which is used to run Java-applets. One flaw allows access to restricted Java classes via JavaScript, making it possible to escalate the privileges of the Java-applet. The other problem is that Konqueror fails to correctly restrict access to certain Java classes from the Java-applet itself.

See http://www.kde.org/info/security/advisory-20041220-1.txt for the full advisory.
It's now fixed in kdelibs-3.3.1-3.3, which is already built in 4E-errata-candidate.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-065.html