Bug 128463 - CAN-2004-0721 Konqueror frame injection
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: kdebase
2
All Linux
medium Severity medium
Assigned To: Ngo Than
Ben Levenson
: Security
Reported: 2004-07-23 04:13 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:10 EST (History)
Doc Type: Bug Fix
Last Closed: 2004-09-08 11:48:50 EDT
Attachments
Proposed upstream patch (7.22 KB, patch)
2004-08-05 12:21 EDT, Josh Bressers
Proposed upstream patch (14.49 KB, patch)
2004-08-05 12:21 EDT, Josh Bressers
post-3.0.5b-kdebase-htmlframes.patch (7.22 KB, patch)
2004-08-05 12:23 EDT, Josh Bressers
post-3.0.5b-kdelibs-htmlframes.patch (14.49 KB, patch)
2004-08-05 12:24 EDT, Josh Bressers
post-3.1.5-kdebase-htmlframes.patch (6.57 KB, patch)
2004-08-05 12:25 EDT, Josh Bressers
post-3.1.5-kdelibs-htmlframes.patch (14.60 KB, patch)
2004-08-05 12:25 EDT, Josh Bressers
post-3.2.3-kdebase-htmlframes.patch (6.57 KB, patch)
2004-08-05 12:26 EDT, Josh Bressers
post-3.2.3-kdelibs-htmlframes.patch (15.28 KB, patch)
2004-08-05 12:27 EDT, Josh Bressers

Description Mark J. Cox (Product Security) 2004-07-23 04:13:01 EDT
Konqueror does not properly prevent a frame in one domain from
injecting content into a frame that belongs to another domain, which
facilitates web site spoofing and other attacks, aka the frame
injection vulnerability.

http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

        CAN-2004-0721 Affects: FC1
        CAN-2004-0721 Affects: FC2
Comment 1 Josh Bressers 2004-08-05 12:21:12 EDT
Created attachment 102455
Proposed upstream patch
Comment 2 Josh Bressers 2004-08-05 12:21:55 EDT
Created attachment 102456
Proposed upstream patch
Comment 3 Josh Bressers 2004-08-05 12:23:56 EDT
Created attachment 102457
post-3.0.5b-kdebase-htmlframes.patch

I'm reposting these so they make more sense.
Comment 4 Josh Bressers 2004-08-05 12:24:22 EDT
Created attachment 102458
post-3.0.5b-kdelibs-htmlframes.patch
Comment 5 Josh Bressers 2004-08-05 12:25:07 EDT
Created attachment 102459
post-3.1.5-kdebase-htmlframes.patch
Comment 6 Josh Bressers 2004-08-05 12:25:39 EDT
Created attachment 102461
post-3.1.5-kdelibs-htmlframes.patch
Comment 7 Josh Bressers 2004-08-05 12:26:11 EDT
Created attachment 102462
post-3.2.3-kdebase-htmlframes.patch
Comment 8 Josh Bressers 2004-08-05 12:27:14 EDT
Created attachment 102463
post-3.2.3-kdelibs-htmlframes.patch
Comment 9 Ngo Than 2004-09-08 11:48:50 EDT
It's fixed in current kdelibs-3.2.2-8.FC2/kdebase-3.2.2-6.FC2 packages.
