FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3820

This CVE name corresponds to:

Entered Topic
2007-09-19 konquerer -- address bar spoofing

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-3820
Phase Assigned (20070716)

Description

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

References

Source Reference
BUGTRAQ 20070713 Opera/Konqueror: data: URL scheme address bar spoofing
BUGTRAQ 20070714 Re: Opera/Konqueror: data: URL scheme address bar spoofing
MISC http://alt.swiecki.net/oper1.html
CONFIRM http://www.kde.org/info/security/advisory-20070816-1.txt
FEDORA FEDORA-2007-2361
FEDORA FEDORA-2007-716
MANDRIVA MDKSA-2007:176
REDHAT RHSA-2007:0905
REDHAT RHSA-2007:0909
UBUNTU USN-502-1
BID 24912
BID 24918
OSVDB 37242
OVAL oval:org.mitre.oval:def:10345
VUPEN ADV-2007-2538
SECTRACK 1018396
SECUNIA 26091
SECUNIA 26612
SECUNIA 26720
SECUNIA 27089
SECUNIA 27106
SECUNIA 27108
SECUNIA 27090
SECUNIA 27096
SREASON 2905
XF opera-konqueror-addressbar-spoofing(35430)