Full Disclosure mailing list archives

Re: Opera/Konqueror: data: URL scheme address bar spoofing


From: Harri Porten <porten () kde org>
Date: Sat, 14 Jul 2007 22:11:37 +0200 (CEST)

Hi!

With a specially crafted web page, an attacker can redirect
a www browser to the page, whose URL (in the url bar) resembles
an arbitrary domain chosen by the attacker.

Attached is a patch that just got applied in KDE's repository to fix the problem in Konqueror.

Thanks for the report,

Harri.

Attachment: location.diff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
