[UNIX] Konqueror Frame Injection Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 08/16/04
- Previous message: SecuriTeam: "[UNIX] DCOPServer Temporary Filename Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 16 Aug 2004 11:53:14 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Konqueror Frame Injection Vulnerability
------------------------------------------------------------------------
SUMMARY
The Konqueror web browser allows websites to load web pages into a frame
of any other frame-based web page that the user may have open.
DETAILS
Vulnerable Systems:
* All versions of KDE up to KDE 3.2.3 inclusive
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721>
CAN-2004-0721
Impact:
A malicious website could abuse Konqueror to insert its own frames into
the page of an otherwise trusted website. As a result the user may
unknowingly send confidential information intended for the trusted website
to the malicious website.
Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider for
information about how to obtain updated binary packages.
ADDITIONAL INFORMATION
The information has been provided by <mailto:bastian@kde.org> Waldo
Bastian.
The original article can be found at:
<http://www.kde.org/info/security/advisory-20040811-3.txt>
http://www.kde.org/info/security/advisory-20040811-3.txt
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[UNIX] DCOPServer Temporary Filename Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NEWS] Common DNS Misconfiguration can Lead to "same Site" Scripting
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... attack is trivial, for
example, from a shared UNIX system, an attacker ... via) a machine that hosts another website,
... configurations for domains that host websites that rely on HTTP state ... (Securiteam) - [NEWS] Mozilla Firefox Certificate Spoofing
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... * Mozilla Firefox version
0.9.1 ... First you direct the redirection Metatag to the website of which you want ...
to spoof the certificate, then inside the tag you add OnUnload ... (Securiteam) - [NT] K-Meleon Frame Injection Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... K-Meleon is free, open
source software released under the GNU General ... A malicious website could cause K-Meleon
to insert its own frames into the ... In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam) - [EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The following exploit code utilizes
a vulnerability in phpBB to cause ... This bulletin is sent to members of the SecuriTeam
mailing list. ... In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam) - [EXPL] TinyWeb Server DoS Exploit
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The information in this
bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be
liable for any damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages. ... (Securiteam)
