Bug#261740: [CAN-2004-0721] frame injection vulnerability
Package: konqueror
Version: 4:3.2.2-1
Severity: grave
Tags: security upstream sid
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 :
+-----------------------------------------------------------------------------+
| Name | CAN-2004-0721 (under review) |
|-------------+---------------------------------------------------------------|
| | Konqueror 3.1.3, 3.2.2, and possibly other versions does not |
| | properly prevent a frame in one domain from injecting content |
| Description | into a frame that belongs to another domain,m which |
| | facilitates web site spoofing and other attacks, aka the |
| | frame injection vulnerability. |
|-------------+---------------------------------------------------------------|
| | * MISC:http://secunia.com/advisories/11978 |
| References | * MISC:http://secunia.com/ |
| | multiple_browsers_frame_injection_vulnerability_test/ |
|-------------+---------------------------------------------------------------|
| Phase | Assigned (20040722) |
|-------------+---------------------------------------------------------------|
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-rc3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
--
Obsig: developing a new sig
Reply to: