漏洞信息详情
KDE Konqueror setinterval函数地址栏URI欺骗漏洞
漏洞简介
Konqueror是K桌面环境的文件管理器,也可用于浏览WEB。
Konqueror的setinterval函数实现上存在漏洞,远程攻击者可能利用此漏洞执行浏览器地址栏欺骗。
如果用很小的时间间隔值(如0)使用setinterval()调用的话,就可以更改window.location属性。当浏览器仍保持在攻击者网站时地址栏中可能显示其他页面的URI,这就给用户造成了错误的安全意识,有利于攻击者执行网络钓鱼攻击。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
ftp://ftp.kde.org/pub/kde/security_patches
参考网址
来源: FEDORA
名称: FEDORA-2007-716
链接:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html
来源: FEDORA
名称: FEDORA-2007-2361
链接:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-1615
来源: XF
名称: konqueror-setinterval-spoofing(35828)
链接:http://xforce.iss.net/xforce/xfdb/35828
来源: UBUNTU
名称: USN-502-1
链接:http://www.ubuntu.com/usn/usn-502-1
来源: BID
名称: 25219
链接:http://www.securityfocus.com/bid/25219
来源: BUGTRAQ
名称: 20070807 Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/475763/100/0/threaded
来源: BUGTRAQ
名称: 20070806 Re: Konqueror: URL address bar spoofing vulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/475731/100/0/threaded
来源: BUGTRAQ
名称: 20070806 Re: Konqueror: URL address bar spoofingvulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/475730/100/0/threaded
来源: BUGTRAQ
名称: 20070806 Konqueror: URL address bar spoofing vulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/475689/100/0/threaded
来源: REDHAT
名称: RHSA-2007:0909
链接:http://www.redhat.com/support/errata/RHSA-2007-0909.html
来源: REDHAT
名称: RHSA-2007:0905
链接:http://www.redhat.com/support/errata/RHSA-2007-0905.html
来源: MANDRIVA
名称: MDKSA-2007:176
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
来源: www.kde.org
链接:http://www.kde.org/info/security/advisory-20070816-1.txt
来源: VUPEN
名称: ADV-2007-2807
链接:http://www.frsirt.com/english/advisories/2007/2807
来源: SECTRACK
名称: 1018579
链接:http://securitytracker.com/id?1018579
来源: SREASON
名称: 2982
链接:http://securityreason.com/securityalert/2982
来源: SECUNIA
名称: 27271
链接:http://secunia.com/advisories/27271
来源: SECUNIA
名称: 27108
链接:http://secunia.com/advisories/27108
来源: SECUNIA
名称: 27106
链接:http://secunia.com/advisories/27106
来源: SECUNIA
名称: 27096
链接:http://secunia.com/advisories/27096
来源: SECUNIA
名称: 27090
链接:http://secunia.com/advisories/27090
来源: SECUNIA
名称: 27089
链接:http://secunia.com/advisories/27089
来源: SECUNIA
名称: 26720
链接:http://secunia.com/advisories/26720
来源: SECUNIA
名称: 26690
链接:http://secunia.com/advisories/26690
来源: SECUNIA
名称: 26612
链接:http://secunia.com/advisories/26612
来源: SECUNIA
名称: 26351
链接:http://secunia.com/advisories/26351
来源: SUSE
名称: SUSE-SR:2007:021
链接:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
来源: FULLDISC
名称: 20070806 Konqueror: URL address bar spoofing vulnerabilities
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
受影响实体
- Kde Konqueror:3.5.7<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...