Bug 128463 - CAN-2004-0721 Konqueror frame injection
Summary: CAN-2004-0721 Konqueror frame injection
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kdebase
Version: 2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Than Ngo
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-07-23 08:13 UTC by Mark J. Cox
Modified: 2007-11-30 22:10 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-09-08 15:48:50 UTC
Type: ---
Embargoed:


Attachments
Proposed upstream patch (7.22 KB, patch)
2004-08-05 16:21 UTC, Josh Bressers
Proposed upstream patch (14.49 KB, patch)
2004-08-05 16:21 UTC, Josh Bressers
post-3.0.5b-kdebase-htmlframes.patch (7.22 KB, patch)
2004-08-05 16:23 UTC, Josh Bressers
post-3.0.5b-kdelibs-htmlframes.patch (14.49 KB, patch)
2004-08-05 16:24 UTC, Josh Bressers
post-3.1.5-kdebase-htmlframes.patch (6.57 KB, patch)
2004-08-05 16:25 UTC, Josh Bressers
post-3.1.5-kdelibs-htmlframes.patch (14.60 KB, patch)
2004-08-05 16:25 UTC, Josh Bressers
post-3.2.3-kdebase-htmlframes.patch (6.57 KB, patch)
2004-08-05 16:26 UTC, Josh Bressers
post-3.2.3-kdelibs-htmlframes.patch (15.28 KB, patch)
2004-08-05 16:27 UTC, Josh Bressers

Description Mark J. Cox 2004-07-23 08:13:01 UTC
Konqueror does not properly prevent a frame in one domain from
injecting content into a frame that belongs to another domain, which
facilitates web site spoofing and other attacks, aka the frame
injection vulnerability.

http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

        CAN-2004-0721 Affects: FC1
        CAN-2004-0721 Affects: FC2

Comment 1 Josh Bressers 2004-08-05 16:21:12 UTC
Created attachment 102455
Proposed upstream patch

Comment 2 Josh Bressers 2004-08-05 16:21:55 UTC
Created attachment 102456
Proposed upstream patch

Comment 3 Josh Bressers 2004-08-05 16:23:56 UTC
Created attachment 102457
post-3.0.5b-kdebase-htmlframes.patch

I'm reposting these so they make more sense.

Comment 4 Josh Bressers 2004-08-05 16:24:22 UTC
Created attachment 102458
post-3.0.5b-kdelibs-htmlframes.patch

Comment 5 Josh Bressers 2004-08-05 16:25:07 UTC
Created attachment 102459
post-3.1.5-kdebase-htmlframes.patch

Comment 6 Josh Bressers 2004-08-05 16:25:39 UTC
Created attachment 102461
post-3.1.5-kdelibs-htmlframes.patch

Comment 7 Josh Bressers 2004-08-05 16:26:11 UTC
Created attachment 102462
post-3.2.3-kdebase-htmlframes.patch

Comment 8 Josh Bressers 2004-08-05 16:27:14 UTC
Created attachment 102463
post-3.2.3-kdelibs-htmlframes.patch

Comment 9 Than Ngo 2004-09-08 15:48:50 UTC
It's fixed in current kdelibs-3.2.2-8.FC2/kdebase-3.2.2-6.FC2 packages.

