Debian Security Advisory DSA 167-1 (Konquerer)

The remote host is missing an update to Konquerer announced via advisory DSA 167-1.

A cross site scripting problem has been discovered in Konquerer, a famous browser for KDE and other programs using KHTML. The KDE team reports that Konqueror's cross site scripting protection fails to initialize the domains on sub-(i)frames correctly. As a result, Javascript is able to access any foreign subframe which is defined in the HTML source. Users of Konqueror and other KDE software that uses the KHTML rendering engine may become victim of a cookie stealing and other cross site scripting attacks. This problem has been fixed in version 2.2.2-13.woody.3 for the current stable distribution (woody) and in version 2.2.2-14 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it didn't ship KDE. We recommend that you upgrade your kdelibs package and restart

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20167-1