Bug 244322 - KDE KHTML "HTMLTokenizer::scriptHandler()" Recursive Document Load Weakness
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Low trivial
Assignee: Gentoo KDE team
Depends on:
Blocks: kde-3.5.10
Reported: 2008-10-25 15:44 UTC by Matti Bickel (RETIRED)
Modified: 2009-05-27 22:57 UTC
Description Matti Bickel (RETIRED) gentoo-dev 2008-10-25 15:44:48 UTC
Maybe this is not security, but only with the KDE folks, but here we go anyway.

Secunia Advisory: SA32208
Release Date: 2008-10-24

Critical: Not critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

Jeremy Brown has discovered a weakness in KDE, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to KHTML improperly handling JavaScript "document.load()" calls targeting the current document. This can be exploited to trigger the use of a deleted object within the "HTMLTokenizer::scriptHandler()" method and cause a crash.

The weakness is confirmed with Konqueror using KHTML from KDE versions 3.5.9 and 3.5.10. Other versions may also be affected.

NOTE: Secunia normally does not classify a browser crash as a vulnerability nor issue an advisory about it. However, the potential impact of this issue may be more severe than currently believed.

Do not open untrusted HTML documents with applications using KHTML (e.g. Konqueror).
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2008-10-25 16:00:12 UTC
reassigning to kde herd b/c it's not a security bug.
Comment 2 Theo Chatzimichos (RETIRED) archtester gentoo-dev Security 2009-05-27 22:57:22 UTC
since development of kde3 is frozen we can't do anything so closing