Re: [Full-disclosure] Opera/Konqueror: data: URL scheme address bar spoofing
- To: Robert Swiecki <jagger@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Opera/Konqueror: data: URL scheme address bar spoofing
- From: Harri Porten <porten@xxxxxxx>
- Date: Sat, 14 Jul 2007 22:11:37 +0200 (CEST)
Hi!
With a specially crafted web page, an attacker can redirect
a www browser to the page, whose URL (in the url bar) resembles
an arbitrary domain chosen by the attacker.
Attached is a patch that just got applied in KDE's repository to fix the
problem in Konqueror.
Thanks for the report,
Harri.
Index: konqueror/konq_combo.cc
===================================================================
--- konqueror/konq_combo.cc (revision 643782)
+++ konqueror/konq_combo.cc (working copy)
@@ -158,6 +158,7 @@
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
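Review bot: the added `lineEdit()->setCursorPosition( 0 );` just before the function's closing brace has no comment tying it to the address bar spoofing report, so a later cleanup could drop it as a cosmetic call. If the intent is to keep the start of the URL in view after the combo text is set, a one-line comment saying so would protect the fix. The trailing context also shows `KonqCombo::setTemporary( const QString& text )` directly below, which this hunk does not touch; it is worth confirming whether that path, which also receives text for the combo, needs the same cursor reset.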
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/