kdebase

• Author: voroskoi
• Vulnerable: 3.5.6-2
• Unaffected: 3.5.6-3terminus1

Robert Swiecki has discovered a vulnerability in Konqueror, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to an error when processing the “setInterval()” function and can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. The vulnerability is caused due to an error in the handling of the “data:” URI scheme. This can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar when a user follows a specially crafted link.

• Bug Tracker URL: http://bugs.frugalware.org/task/2265

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4225