Bug 244322

Summary: KDE KHTML "HTMLTokenizer::scriptHandler()" Recursive Document Load Weakness
Product: Gentoo Linux
Reporter: Matti Bickel (RETIRED) <mabi>
Component: Current packages
Assignee: Gentoo KDE team <kde>
Severity: trivial
CC: esigra
Priority: Low
Version: unspecified
Hardware: All
OS: Linux
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 245954

Description Matti Bickel (RETIRED) gentoo-dev 2008-10-25 15:44:48 UTC
Maybe this is not security, but only with the KDE folks, but here we go anyway.

Secunia Advisory: SA32208
Release Date: 2008-10-24

Critical: Not critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

Jeremy Brown has discovered a weakness in KDE, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to KHTML improperly handling JavaScript "document.load()" calls targeting the current document. This can be exploited to trigger the use of a deleted object within the "HTMLTokenizer::scriptHandler()" method and cause a crash.

The weakness is confirmed with Konqueror using KHTML from KDE versions 3.5.9 and 3.5.10. Other versions may also be affected.

NOTE: Secunia normally does not classify a browser crash as a vulnerability nor issue an advisory about it. However, the potential impact of this issue may be more severe than currently believed.

Do not open untrusted HTML documents with applications using KHTML (e.g. Konqueror).
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2008-10-25 16:00:12 UTC
reassigning to kde herd b/c it's not a security bug.
Comment 2 Theo Chatzimichos (RETIRED) archtester gentoo-dev Security 2009-05-27 22:57:22 UTC
since development of kde3 is frozen we can't do anything so closing