Red Hat Bugzilla – Bug 225420
CVE-2007-0537 Konqueror improper HTML comment rendering
Last modified: 2007-11-30 17:11:54 EST
+++ This bug was initially created as a clone of Bug #225414 +++
A flaw was reported in the way Konqueror processes HTML which contains a comment
used in a certain manner. It is possible to conduct a cross-site scripting flaw
on sites that allow a user to enter HTML comments, which Konqueror will then
parse incorrectly, causing the site to display unintended content.
-- Additional comment from firstname.lastname@example.org on 2007-01-30 10:25 EST --
Created an attachment (id=146918)
Demo HTML file. This file should not display an alert dialog.
This flaw also affects FC5.
It's fixed in kdelibs-3.5.6-0.3.fc6.