Date: Tue, 4 Mar 2014 10:03:01 +0100
From: Hanno Böck <hanno@...eck.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE request: konqueror not providing any protection against clickjacking

Hi,

It may be debatable if that's a CVE issue, because it's basically a "there's a general vulnerability in the way HTML/JS is done, there's a protection mechanism and product X doesn't have it". I think it deserves one and as recently Konqueror issues popped up here I thought it might deserve a CVE:
https://bugs.kde.org/show_bug.cgi?id=259070

Basically, pretty much all mainstream browsers support the X-Frame-Options header to allow web developers to secure their apps from clickjacking attacks. Konqueror doesn't support it.

Please assign CVE.

(and if curious: I've set up a test for X-FRAME-OPTIONS header functionality a while ago http://int21.de/frametest/ )

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
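
Added example (not part of the original message, and not Konqueror or KDE code): a sketch of the framing decision that a browser supporting X-Frame-Options makes before rendering a framed response, using the three values defined in RFC 7034. The function names, the .example hosts, the choice to check every ancestor frame, and the handling of unrecognized or malformed values are assumptions of this sketch.

```javascript
// Added example: decide whether a response may be rendered inside a frame,
// based on its X-Frame-Options values (DENY, SAMEORIGIN, ALLOW-FROM).

// Serialized origin of a URL, or null if it has none or fails to parse.
function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin;
  } catch (err) {
    return null;
  }
}

// True when every ancestor document has exactly the required origin.
function allAncestorsAre(required, ancestorUrls) {
  return required !== null &&
    ancestorUrls.every((u) => originOf(u) === required);
}

// headerValues: every X-Frame-Options value on the framed response.
// frameUrl:     URL of the document being loaded into the frame.
// ancestorUrls: URLs of the embedding documents, parent first, top last.
function mayRenderInFrame(headerValues, frameUrl, ancestorUrls) {
  if (ancestorUrls.length === 0) return true; // top-level load, not framed
  // Servers sometimes repeat the header or comma-join several values.
  const values = headerValues
    .flatMap((v) => v.split(","))
    .map((v) => v.trim())
    .filter((v) => v !== "");
  for (const value of values) {
    const [directive, ...rest] = value.split(/\s+/);
    switch (directive.toUpperCase()) {
      case "DENY":
        return false;
      case "SAMEORIGIN":
        if (!allAncestorsAre(originOf(frameUrl), ancestorUrls)) return false;
        break;
      case "ALLOW-FROM": {
        // Assumption: a missing or unparsable origin blocks the frame.
        const allowed = rest.length === 1 ? originOf(rest[0]) : null;
        if (!allAncestorsAre(allowed, ancestorUrls)) return false;
        break;
      }
      default:
        break; // Assumption of this sketch: unrecognized values are ignored.
    }
  }
  return true; // no header, or every recognized directive allowed the frame
}
```

A browser without this check behaves as if mayRenderInFrame always returned true, so a site's DENY or SAMEORIGIN header has no effect there.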