Description from Secunia:
A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.
The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.
Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.
Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
Just tested Konqueror 3.2.2 and it is vulnerable. mozilla-firefox-0.8-r3 seems not to suffer from this.
Hardly exploitable, but should be fixed.
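The missing check from the Secunia description above, as an added example that is not part of the original report or any browser's code. It uses a simplified model of named-frame lookup; the window data, origins and function names are constructed for illustration, and the same-origin rule is an assumed policy, not the upstream patch.

```javascript
// Constructed sample state: two open windows, each with named frames.
function sampleWindows() {
  return [
    { id: "bank", origin: "https://trusted.example",
      frames: { content: "https://trusted.example/home" } },
    { id: "other", origin: "https://untrusted.example",
      frames: { ads: "https://untrusted.example/ad" } },
  ];
}

// Compare scheme, host and port using the URL parser.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

function hasFrame(win, name) {
  return Object.prototype.hasOwnProperty.call(win.frames, name);
}

// Behaviour described in the advisory: any window holding a frame with the
// requested name is a valid target, regardless of who owns it.
function findFrameUnchecked(allWindows, initiatorOrigin, name) {
  return allWindows.find((w) => hasFrame(w, name)) || null;
}

// Assumed fix policy: a named frame is only a valid target when it belongs to
// the same site as the document containing the link.
function findFrameChecked(allWindows, initiatorOrigin, name) {
  return allWindows.find(
    (w) => hasFrame(w, name) && sameOrigin(w.origin, initiatorOrigin)
  ) || null;
}

// Follow a link with target=name. If no permitted frame is found, the content
// goes to a new window instead, as for an unknown target name.
function navigate(allWindows, initiatorOrigin, name, url, findFrame) {
  const target = findFrame(allWindows, initiatorOrigin, name);
  if (target === null) return "new-window";
  target.frames[name] = url;
  return target.id;
}
```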
Affected packages :
Fixed packages :
Waiting for upstream fixes for Opera and Konqueror.
net-www/netscape-navigator is vulnerable (I'm assuming net-www/netscape-communicator is as well). Note that I tested this on OSX, but it should be vulnerable on Linux as well.
Who still uses Netscape, anyway? ;)
Opera fixed with bug #56311
Patch available for Konqueror
KDE team: could you please look into the fix for Konqueror and issue a fixed ebuild?
For netscape-communicator, I suppose there won't be a fix so we might need to mask it.
I'd like to see a little more conversation on the KDE bug site and find out what their plan is before I commit anything here. If it's a serious problem, they'll issue a security advisory. My guess is that the patch that's in that bug still has a little bit of work left.
mozilla(-bin) and firefox seem to be fixed with bug #59419
Moz and Firefox are fixed since 1.7 / 0.9, see comment above.
Konqueror and Netscape-Communicator are the only ones left to fix.
Changing title to reflect this.
Konqueror fixed with bug #60068
I agree to p.mask net-www/netscape-*. The latest portage is clever enough to show the reason of p.mask extracted from package.mask, so I would assume it's okay to keep them in our tree even though they are vulnerable to the exploit.
ok, netscape-communicator and netscape-navigator are package.mask'd
This is ready for GLSA or close...
Closing without GLSA.