remote code execution in kdelibs3

2006-01-20T15:06:24
ID SUSE-SA:2006:003
Type suse
Reporter Suse
Modified 2006-01-20T15:06:24

Description

Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick users into visiting specially crafted web sites that exploit this bug (CVE-2006-0019).

Solution

JavaScript can be disabled in Konqueror's settings dialog to prevent exploitation, although some websites may no longer work with JavaScript disabled. It is recommended to install the update packages.