Bug#278002: konqueror: shows dialog box from other tab (possible security implications)
Package: konqueror
Version: 4:3.3.0a-1
Severity: minor
Tags: security
Just confirming that the issue explained here:
http://secunia.com/secunia_research/2004-10/advisory/
exists in the Debian package. Please remove the security tag
if you think this is not really relevant security-wise.

You can check it for yourself at
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

Be quick with opening the other window in the tab, or the dialog might
appear before the new tab opens. If this happens, reload the test page
and then open the link in a new tab, in less than 8 seconds.

The advisory said that upstream fixed this in 3.3.1.

Regards,
Zoran
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (800, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-1-k7
Locale: LANG=C, LC_CTYPE=hr_HR
Versions of packages konqueror depends on:
ii kcontrol 4:3.1.3-1 KDE Control Center
ii kdebase-kio-plugins 4:3.2.2-1 KDE I/O Slaves
ii kdelibs4 4:3.3.0-2 KDE core libraries
ii kdesktop 4:3.3.0a-1 KDE Desktop
ii kfind 4:3.3.0a-1 KDE File Find Utility
ii libart-2.0-2 2.3.16-1 Library of functions for 2D graphi
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
ii libfam0c102 2.7.0-5 client library to control the FAM
ii libgcc1 1:3.4.1-4sarge1 GCC support library
ii libice6 4.3.0.dfsg.1-4 Inter-Client Exchange library
ii libidn11 0.5.2-3 GNU libidn library, implementation
ii libjpeg62 6b-9 The Independent JPEG Group's JPEG
ii libkonq4 4:3.3.0a-1 Core libraries for KDE's file mana
ii libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi
ii libpng12-0 1.2.5.0-7 PNG library - runtime
ii libqt3c102-mt 3:3.3.3-4.1 Qt GUI Library (Threaded runtime v
ii libsm6 4.3.0.dfsg.1-4 X Window System Session Management
ii libstdc++5 1:3.3.4-1 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-4 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-4 X Window System miscellaneous exte
ii libxrender1 0.8.3-5 X Rendering Extension client libra
ii xlibs 4.3.0-2 X Window System client libraries m
ii zlib1g 1:1.2.1-3 compression library - runtime
-- debconf information excluded