[Pkg-kde-extras] Bug#593300: rekonq: CVE-2010-2536 xss vulnerabilities
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Aug 17 01:33:26 UTC 2010
Package: rekonq
Version: 0.5.0-1
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for rekonq.
CVE-2010-2536[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and
| earlier allow remote attackers to inject arbitrary web script or HTML
| via (1) a URL associated with a nonexistent domain name, related to
| webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors
| related to webview.cpp; and the about: views for (3) favorites, (4)
| bookmarks, (5) closed tabs, and (6) history.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2536
http://security-tracker.debian.org/tracker/CVE-2010-2536
More information about the pkg-kde-extras
mailing list