[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#261740: [CAN-2004-0721] frame injection vulnerability

Package: konqueror
Version: 4:3.2.2-1
Severity: grave
Tags: security upstream sid

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 :

+-----------------------------------------------------------------------------+
| Name        | CAN-2004-0721 (under review)                                  |
|-------------+---------------------------------------------------------------|
|             | Konqueror 3.1.3, 3.2.2, and possibly other versions does not  |
|             | properly prevent a frame in one domain from injecting content |
| Description | into a frame that belongs to another domain,m which           |
|             | facilitates web site spoofing and other attacks, aka the      |
|             | frame injection vulnerability.                                |
|-------------+---------------------------------------------------------------|
|             |   * MISC:http://secunia.com/advisories/11978                  |
| References  |   * MISC:http://secunia.com/                                  |
|             |     multiple_browsers_frame_injection_vulnerability_test/     |
|-------------+---------------------------------------------------------------|
| Phase       | Assigned (20040722)                                           |
|-------------+---------------------------------------------------------------|

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (800, 'unstable'), (750, 'experimental'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-rc3
Locale: LANG=C, LC_CTYPE=en_US.ISO8859-1
-- 
Obsig: developing a new sig
Reply to: