KDE's serious vulnerabilities put Linux, Unix systems at risk
praka123
01-02-2006, 12:10 PM
A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems. KDE is a desktop software package for Linux and Unix systems and includes the Konqueror Web browser and other applications.
The vulnerability lies in the JavaScript interpreter engine used by Konqueror and other parts of KDE, according to a security advisory posted Thursday. An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory. For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.
Source (http://news.com.com/KDE+flaws+put+Linux%2C+Unix+systems+at+risk/2110-1002_3-6029297.html?tag=nefd.hed)
Patches are available at KDE FTP mirrors.
I think this is the time KDE users should at least try to move to GNOME (http://gnome.org/) DE or any other lightweight WM/DE. GNOME is based on pure OSS. As you know, KDE's Qt has got confusing license terms resembling a proprietary license.
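The advisory quoted above says only that a crafted UTF-8 encoded URI sequence triggers the flaw in the JavaScript engine. The following C is an added illustration constructed for this thread: it is not the kjs code and not the KDE patch. It shows the general shape of that bug class in a parser for percent-encoded URIs (a decoder that trusts the length announced by the lead byte and uses a fixed scratch buffer) next to a decoder that checks remaining input, continuation bytes, overlong forms, surrogates and the U+10FFFF ceiling. The sample inputs in main() are constructed.

```c
/* Added illustration (constructed for this thread; not kjs code and not the
 * KDE patch): the general shape of a UTF-8 decoding bug in a parser for
 * percent-encoded URIs, next to a bounds- and validity-checked decoder. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Reads one "%XX" triplet at s[*pos], advancing *pos; -1 if absent/malformed
 * or if fewer than three characters remain (the truncation check). */
static int read_pct_byte(const char *s, size_t len, size_t *pos) {
    if (*pos + 3 > len || s[*pos] != '%') return -1;
    int hi = hexval((unsigned char)s[*pos + 1]);
    int lo = hexval((unsigned char)s[*pos + 2]);
    if (hi < 0 || lo < 0) return -1;
    *pos += 3;
    return (hi << 4) | lo;
}

/* Sequence length a lead byte announces under the obsolete six-byte UTF-8
 * scheme (RFC 2279). Current UTF-8 (RFC 3629) stops at four bytes. */
int utf8_lead_len_legacy(unsigned char b) {
    if (b < 0x80) return 1;
    if ((b & 0xE0) == 0xC0) return 2;
    if ((b & 0xF0) == 0xE0) return 3;
    if ((b & 0xF8) == 0xF0) return 4;
    if ((b & 0xFC) == 0xF8) return 5;
    if ((b & 0xFE) == 0xFC) return 6;
    return -1; /* stray continuation byte or 0xFE/0xFF */
}

/* The bug shape: a decoder that trusts the announced length and copies the
 * continuation bytes into a fixed four-byte scratch array writes past it for
 * 0xF8..0xFD leads. This helper only reports whether that would happen; it
 * does not perform the out-of-bounds write. */
int scratch_would_overflow(unsigned char lead) {
    enum { SCRATCH_BYTES = 4 };
    return utf8_lead_len_legacy(lead) > SCRATCH_BYTES;
}

/* Checked decoder: one percent-encoded UTF-8 sequence starting at s[*pos].
 * Returns the code point, or -1 for bad hex, a truncated sequence, an invalid
 * lead or continuation byte, an overlong form, a UTF-16 surrogate, or a value
 * above U+10FFFF. Every input byte is read through read_pct_byte, so the
 * announced length can never pull the cursor past len. */
long decode_pct_utf8_checked(const char *s, size_t len, size_t *pos) {
    int b0 = read_pct_byte(s, len, pos);
    if (b0 < 0) return -1;
    if (b0 < 0x80) return b0;
    int n; long cp, min;
    if ((b0 & 0xE0) == 0xC0)      { n = 2; cp = b0 & 0x1F; min = 0x80; }
    else if ((b0 & 0xF0) == 0xE0) { n = 3; cp = b0 & 0x0F; min = 0x800; }
    else if ((b0 & 0xF8) == 0xF0) { n = 4; cp = b0 & 0x07; min = 0x10000; }
    else return -1; /* 0x80..0xBF, 0xF8..0xFF: never a valid lead */
    for (int i = 1; i < n; i++) {
        int b = read_pct_byte(s, len, pos);
        if (b < 0 || (b & 0xC0) != 0x80) return -1;
        cp = (cp << 6) | (b & 0x3F);
    }
    if (cp < min) return -1;                     /* overlong encoding */
    if (cp >= 0xD800 && cp <= 0xDFFF) return -1; /* surrogate half */
    if (cp > 0x10FFFF) return -1;
    return cp;
}

/* Decode the first sequence of a NUL-terminated string. */
long decode_first(const char *s) {
    size_t pos = 0;
    return decode_pct_utf8_checked(s, strlen(s), &pos);
}

int main(void) {
    /* Constructed inputs: valid 2- and 4-byte sequences, then malformed ones. */
    const char *samples[] = { "%C3%A9", "%F0%9F%98%80", "%F8%88%80%80%80",
                              "%E2%82", "%C0%AF", "%ED%A0%80", "%F4%90%80%80" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %ld\n", samples[i], decode_first(samples[i]));
    printf("lead 0xFC overflows 4-byte scratch: %d\n", scratch_would_overflow(0xFC));
    return 0;
}
```

The point for a reviewer of any URI decoder is the same whichever engine it lives in: the lead byte is attacker-controlled, so neither the number of bytes it announces nor the number of bytes actually present in the input may be trusted when sizing a buffer or advancing the cursor. Compile with any C99 compiler (for example `cc -std=c99 -Wall`) and run it to see the valid samples decode and every malformed one rejected.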
vignesh
01-02-2006, 07:06 PM
I am using GNOME... ever since.
infra_red_dude
01-02-2006, 07:29 PM
I wouldn't wanna let go of KDE!
Satissh S
01-02-2006, 07:55 PM
Ah! Hope we don't split into KDE and GNOME guys. OSS communities are quite dynamic, and rest assured, prakash, vulnerabilities would be patched soon. I personally use neither.
I use a personalised Fluxbox with personalised menus, lots of keyboard shortcuts and dashboards etc., and my work would be seriously hampered if I switched to any other WM. So I'm kind of addicted to it.
I haven't read the Trolltech Qt license fully, but have seen the first few lines of it in the Qt Designer About dialog. Something like a Qt commercial license and a Qt OSS license which does not allow the code developed to be used for commercial purposes and the like... not sure. Correct me if wrong. :)
infra_red_dude
01-02-2006, 08:01 PM
Yeah, you are right about the terms & conditions, Satissh S. But seriously, till a few years ago I was a big-time fan of GNOME + Enlightenment. Ever since I saw KDE3, I switched over! Well, the KDE vs GNOME war is an old one!
mehulved
01-02-2006, 10:09 PM
I find KDE better than GNOME, so I would go for KDE as my default DE. I haven't used any WMs so extensively, so I will be moving to them soon.
eddie
02-02-2006, 01:46 AM
Since it is about security, it is imperative to mention here that the vulnerability was found by a KDE developer (Maksim) himself and was patched without any delay.
www.kde.org/info/security/advisory-20060119-1.txt
Also, even if this vulnerability were ever exploited by an attacker, he could have taken control of your system "only if" you used Konqueror as your web browser, and that too as root. Otherwise the maximum the attacker could have done was something bad to the user's account. Agreed, that is not a small thing either, but I just wanted to clarify this.
"I think this is the time KDE users should at least try to move to GNOME (http://gnome.org/) DE or any other lightweight WM/DE."
If you have reasons other than security then I am all ears, but if you are talking about security then the following links might be of interest to you.
http://secunia.com/product/219/
http://secunia.com/product/3277/
GNOME 2.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Moderately critical
KDE 3.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical
I am not saying that one product is better than another one. Just giving a view about security advisories, so please don't flame.
eddie
02-02-2006, 01:55 AM
"As you know, KDE's Qt has got confusing license terms resembling a proprietary license."
The following links might interest you.
"Qt is not free": Qt is licensed under the GNU GPL license, the same license as many GNU projects and the Linux kernel. Yes, Qt has an additional commercial license. This doesn't make Qt less free, because the GPL version already gives you all the freedom you need. You can read more on the topic on the KDE myths web page. In case you don't trust me, let me quote Richard Stallman on the Qt 2.2 announcement: "I am very pleased to see that Qt is now available under the GPL. This is a big win for free software and a great gift from Trolltech to the community".
http://kdemyths.urbanlizard.com/topic/10
http://www.terra.es/personal/diegocg/kde/
praka123
02-02-2006, 05:40 AM
I don't want to flame. Regarding security things, these are being fixed, and if older versions of vulnerable software exist, they are patched by the distro vendor, e.g. Debian. And searching for KDE/Qt on the Secunia site will display a whopping number [Found: 216 Secunia Security Advisories, displaying 1-25], while GNOME shows a smaller number of vulnerabilities [Found: 105 Secunia Security Advisories, displaying 1-25]. But GNOME is the product coming from FLOSS volunteers, whereas KDE started as proprietary. Because of the very existence of the GNOME DE, Qt announced KDE/Qt as GPLed, as you quote. As for GNOME's vulnerabilities, they get fixed really fast... and I don't know why KDE is given the upper hand though GNOME exists as a 100% free DE. Trolltech's ambitions with Qt/KDE are not that good-looking for OSS. And I hate KDE's Wingdowish look, whether you mind it or not. Why should we hold the ghost of Wingdows in GNU/Linux as KDE? Hope Linux will grow with GNOME and other open window managers. Happy GNU/Linuxing!
infra_red_dude
03-02-2006, 12:37 AM
Aaah... do I smell another KDE vs GNOME war????!!!!
eddie
03-02-2006, 01:06 AM
"...searching for KDE/Qt on the Secunia site will display a whopping number [Found: 216 Secunia Security Advisories, displaying 1-25], while GNOME shows a smaller number of vulnerabilities [Found: 105 Secunia Security Advisories, displaying 1-25]"
When it comes to vulnerabilities, it's not the number but the severity that matters, and GNOME clearly has more severe ones.
"As for GNOME's vulnerabilities, they get fixed really fast..."
I don't think so. You should see the "Solution status" on the Secunia links I posted in my earlier post. You will find that out of the 5 vulnerabilities found in GNOME since 2003, none has been patched to date, while out of the 30 found in KDE, only one is still unpatched. Now you should decide for yourself who is fixing vulnerabilities faster.
"GNOME exists as a 100% free DE."
So does KDE.
"Trolltech's ambitions with Qt/KDE are not that good-looking for OSS."
Please be kind enough to explain that statement.
"And I hate KDE's Wingdowish look, whether you mind it or not. Why should we hold the ghost of Wingdows in GNU/Linux as KDE?"
Let's just stay with security issues, else this topic will become a flame war :)
niranjan_mcarenyold
03-02-2006, 10:46 AM
KDE rocks
praka123
03-02-2006, 11:55 AM
Aww... Yeah... Me waiting for the next GNOME release /\
KDE