Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Mar 2014 10:03:01 +0100
From: Hanno Böck <>
To: OSS Security List <>
Subject: CVE request: konqueror not providing any protection against


It may be debatable if that's a CVE issue, because it's basically a
"there's a general vulnerability in the way HTML/JS is done, there's a
protection mechanism and product X doesn't have it". I think it
deserves one and as recently Konqueror issues popped up here I thought
it might deserve a CVE:

Basically, pretty much all mainstream browsers support the
X-Frame-Options header to allow web developers to secure their apps
from clickjacking attacks. Konqueror doesn't support it.

Please assign CVE.

(and if curious: I've setup a test for X-FRAME-OPTIONS header
functionality a while ago )

Hanno Böck


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ