CVE-2008-4382 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4382): Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
The HTML code from http://www.securityfocus.com/archive/1/archive/1/496849/100/0/threaded will crash the whole OS; it will eat up all your resources. We've got 3.5.10 in the tree, please stabilize.
Does 3.5.10 fix this bug?
Uhm, I thought so, verifying it now (I got in touch with security@kde.org).
Their policy is that security bugs are not to be filed on the bugtracker: http://kde.org/info/security/policy.php No answer yet.
Robert, I really should have thought about that myself. My testing system crashes on 3.5.10, too. Sorry that it took a bit to set it up and test (slow pxe-booted system...).
(In reply to comment #5)
> My testing system crashes on 3.5.10, too.
On my system (3.5.9, amd64x2, 3G mem), this rather silly code slows things down, finally starts swapping, and then kills Konq. Everything else then recovers nicely -- X, KDE, etc. Calling this a "DoS" is just dignifying stupidity. All this code does is create an impossibly huge string and then try to display it. But with 64-bit pointers and virtual memory, exactly when do we call it a day and return -ENOMEM? I note that Konq crashed long before I ran out of swap space, though...
It may not crash *your* setup, but I've got a setup here that freezes, see comment #1. I have to confess that I did not make it clear that I verified what I wrote there - my fault. I must point out that I expect you to be polite on the bugtracker; personal insults are inappropriate and I really don't know how they would help in resolving this issue.
I have opened a stabilization bug for KDE 3.5.10, adding it to the depend buglist.
=konqueror-3* is now masked for removal
KDE 3 is not in tree any more. CC us again if you need anything. Thanks.