Security Vulnerability in K-Meleon
Posted by: Anonymous
Date: August 25, 2008 09:36PM

This site:
htt[FUxCK You Forum I can't post]p://videos.videose[FUxCK You Forum I can't post]xtube2009.com/britney-spears-pu[FUxCK You Forum I can't post]ssy-shot.html

First tries to make you download some file that looks like a worm. K-Meleon blocks that.

Then it uses abusive JavaScript to give you nonstop message prompts. They aren't popup windows but messagebox prompts. So Alt-F4, clicking K-Meleon on the task bar, trying to click around the window, etc. don't work.

I don't even know what it does with Flash enabled as I always have to have JavaScript on in K-Meleon or Flashblock does not work.

K-Meleon also has other JavaScript vulnerabilities like how abusive sites use JavaScript to hack your right mouse button so it either makes a popup when you try to click it or it doesn't work at all. There's another JavaScript vulnerability where people use JavaScript to prevent you from selecting text.

So K-Meleon needs to block the popup dialog boxes like this site makes as the popup blocker isn't stopping those.

Re: Security Vulnerability in K-Meleon
Posted by: Anonymous
Date: August 25, 2008 09:37PM

Please remove all the "[FUxCK You Forum I can't post]" as it was refusing to let me post and not telling me why so I had to guess.

It just said:

A word you have used in your post has been banned from use. Please use a different word or contact the forum administrators.

Re: Security Vulnerability in K-Meleon
Posted by: Anonymous
Date: August 25, 2008 09:38PM

Let's try to get the URL to post cleanly

http://videos.videose
xtube2009.com/britney-spears-pu
ssy-shot.html

Re: Security Vulnerability in K-Meleon
Posted by: Anonymous
Date: August 25, 2008 09:39PM

Nope, forum messed it up, trying again.


http://
videos.videose
xtube2009.com/britney-spears-pus
sy-shot.html

Re: Security Vulnerability in K-Meleon
Posted by: Anonymous
Date: August 25, 2008 09:40PM

Okay the site that exploits the vulnerability is at:

http://
videos.videose
xtube2009.com/britney-spears-pus
sy-shot.html



You have to put it all on one line. This broken forum is broken and won't let people post proper bug reports.

Re: Security Vulnerability in K-Meleon
Posted by: desga2
Date: August 25, 2008 10:05PM

Try going to View -> Toolbars -> Privacy Bar (check it).

In the Privacy Bar, click the JavaScript button to disable it, and now load this worm/p0rn site. The popup and download aren't shown.

P.S.: In your post, only the word se>< in the URL is banned.

K-Meleon in Spanish



Edited 2 time(s). Last edit at 08/25/2008 10:08PM by desga2.
