Re: Opera/Konqueror: data: URL scheme address bar spoofing Jul 14 2007 08:11PM
Harri Porten (porten kde org)

> With a specially crafted web page, an attacker can redirect
> a www browser to the page, which URL (in the url bar) resembles
> an arbitrary domain chosen by the attacker.

Attached is a patch that just got applied in KDE's repository to fix the
problem in Konqueror.

Thanks for the report,

Harri.

Index: konqueror/konq_combo.cc


--- konqueror/konq_combo.cc (revision 643782)

+++ konqueror/konq_combo.cc (working copy)

@@ -158,6 +158,7 @@

kapp->dcopClient()->send( "konqueror*", "KonquerorIface",

"addToCombo(QString,QCString)", data);


+ lineEdit()->setCursorPosition( 0 );


void KonqCombo::setTemporary( const QString& text )
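
Review bot: the added lineEdit()->setCursorPosition( 0 ); after the addToCombo DCOP send has no comment saying why the cursor is moved to the start, so a later cleanup could drop it as a cosmetic call. A one-line comment would help, stating that the reset is there so the location bar shows the beginning of the URL (scheme and host) rather than its tail, which is what the data: URL report in this thread relies on. It is also worth checking whether the other paths that put text into the line edit, for example setTemporary() directly below this hunk, need the same reset, since the hunk covers only this one call site.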

