Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 56109
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 56109 depends on: Show dependency tree
Bug 56109 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-07-05 00:47 0000 
Description from Secunia:

Description:
A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.
 
 The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.
 
 Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.
 
 Secunia has constructed a test, which can be used to check if your browser is affected by this issue:

http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

Just tested Konqueror 3.2.2 and it is vulnerable. mozilla-firefox-0.8-r3 seems not to suffer from this.

------- Comment #1 From Thierry Carrez (RETIRED) 2004-07-05 02:10:42 0000 ------- 
Hardly exploitable, but should be fixed.

Affected packages :
net-www/opera
net-www/mozilla
net-www/firefox
kde-base/kdebase (Konqueror)
...?

Fixed packages :
net-www/firefox >=0.9
net-www/mozilla >=1.7

Waiting for upstream fixes for Opera and Konqueror.

------- Comment #2 From Dan Margolis (RETIRED) 2004-07-05 14:36:08 0000 ------- 
net-www/netscape-navigator is vulnerable (I'm assuming
net-www/netscape-communicator is as well). Note that I tested this on OSX, but
it should be vulnerable on Linux as well. 

Who still uses Netscape, anyway? ;)

------- Comment #3 From Sune Kloppenborg Jeppesen 2004-07-07 14:03:12 0000 ------- 
Opera fixed with bug #56311

Patch available for Konqueror

http://bugs.kde.org/show_bug.cgi?id=84352

------- Comment #4 From Thierry Carrez (RETIRED) 2004-07-07 14:06:14 0000 ------- 
KDE team: could you please look in the fix for Konqueror and issue a fixed
ebuild ?
For netscape-communicator, I suppose there won't be a fix so we might need to
mask it.

------- Comment #5 From Caleb Tennis 2004-07-08 07:00:33 0000 ------- 
I'd like to see a little more conversation on the KDE bug site and find out
what their plan is before I commit anything here.  If it's a serious problem,
they'll issue a security advisory.  My guess is that the patch that's in that
bug still has a little bit of work left.

------- Comment #6 From Sune Kloppenborg Jeppesen 2004-08-05 23:27:09 0000 ------- 
mozilla(-bin) and firefox seems to be fixed with bug #59419

------- Comment #7 From Thierry Carrez (RETIRED) 2004-08-06 02:42:31 0000 ------- 
Moz and Firefox are fixed since 1.7 / 0.9, see comment above.
Konqueror and Netscape-Communicator are the only left to fix.
Changing title to reflect this.

------- Comment #8 From Sune Kloppenborg Jeppesen 2004-08-11 11:34:36 0000 ------- 
Konqueror fixed with bug #60068

------- Comment #9 From Mamoru KOMACHI (RETIRED) 2004-08-17 14:10:52 0000 ------- 
I agree to p.mask net-www/netscape-*. The latest portage is clever enough to
show the reason of p.mask extracted from package.mask, so I would assume it's
okay to keep them in our tree even though they are vulnerable to the exploit.

------- Comment #10 From Aron Griffis (RETIRED) 2004-08-18 12:37:49 0000 ------- 
ok, netscape-communicator and netscape-navigator are package.mask'd

------- Comment #11 From Thierry Carrez (RETIRED) 2004-09-02 06:36:34 0000 ------- 
This is ready for GLSA or close...

------- Comment #12 From Thierry Carrez (RETIRED) 2004-09-03 07:05:26 0000 ------- 
Closing without GLSA.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug