CVE-2002-1348 Information

Description

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag which could allow remote attackers to access files or cookies.

Reference

http://marc.info/?l=bugtraq&m=104552193927323&w=2 http://sourceforge.net/project/shownotes.php?release_id=126233 http://www.debian.org/security/2003/dsa-249 http://www.debian.org/security/2003/dsa-250 http://www.debian.org/security/2003/dsa-251 http://www.iss.net/security_center/static/11266.php http://www.redhat.com/support/errata/RHSA-2003-044.html http://www.redhat.com/support/errata/RHSA-2003-045.html http://www.securityfocus.com/bid/6794