165719 – kde-base/konqueror <= 3.5.6 KHTML Library Title XSS CVE-2007-0478 CVE-2007-0537

Bug 165719 - kde-base/konqueror <= 3.5.6 KHTML Library Title XSS CVE-2007-0478 CVE-2007-0537

Summary: kde-base/konqueror <= 3.5.6 KHTML Library Title XSS CVE-2007-0478 CVE-2007-0537

Status:	RESOLVED DUPLICATE of bug 165606

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.securityfocus.com/bid/2242...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-02-07 06:10 UTC by Executioner
Modified:	2007-02-07 09:03 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Executioner 2007-02-07 06:10:25 UTC

Konquerer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue.

Reproducible: Didn't try




http://www.kde.org/info/security/advisory-20070206-1.txt

Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev

2007-02-07 09:03:28 UTC


*** This bug has been marked as a duplicate of bug 165606 ***