A flaw was reported in the way Konqueror processes HTML which contains a comment used in a certain manner. It is possible to conduct a cross site scripting flaw on sites that allow a user to enter HTML comments, which Konqueror will then parse incorrectly, causing the site to display unintended content.
Created attachment 146918 [details] Demo HTML file. This file should not display an alert dialog.
This flaw also affects RHEL3. I was unable to reproduce this flaw on RHEL2.1
I'm lowering the severity of this flaw to low. Dirk Mueller clarified this flaw. It only affects placing comments in the <title> HTML tags. This significantly reduces the usefulness of this flaw.
I'm moving this bug to cover RHEL5, which means that it affects RHEL 3, 4, and 5.
Closing as deferred, we may fix this in a future update but do not plan on fixing due to this issue. Removing flags as it's not approved for RHEL update at this time.