The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may lead auser to send his/her local cookies, which are used for configuration.
For the stable distribution (woody), these problems have been fixed inversion 0.3-2.4.
The old stable distribution (potato) is not affected.
For the unstable distribution (sid), these problems have been fixed inversions 0.3.2.2-1 and later.
An upgrade of w3m and w3m-ssl packages is recommended.
For details, click here.