Security 10816 Published by

MandrakeSoft has released a security update for Kdelibs under Mandrake Linux 8.1 & 8.2

"A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, java script may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine."

Read more