Full Disclosure mailing list archives
Re: Opera/Konqueror: data: URL scheme address bar spoofing
From: Harri Porten <porten () kde org>
Date: Sat, 14 Jul 2007 22:11:37 +0200 (CEST)
Hi!
With a specially crafted web page, an attacker can redirect a www browser to the page, which URL (in the url bar) resembles an arbitrary domain choosen by the attacker.
Attached is a patch that just got applied in KDE's repository to fix the problem in Konqueror.
Thanks for the report, Harri.
Attachment:
location.diff
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Opera/Konqueror: data: URL scheme address bar spoofing Robert Swiecki (Jul 13)
- Message not available
- Re: Opera/Konqueror: data: URL scheme address bar spoofing Martin Aberastegue (Jul 14)
- Re: Opera/Konqueror: data: URL scheme address bar spoofing Nick FitzGerald (Jul 14)
- Re: Opera/Konqueror: data: URL scheme address bar spoofing Martin Aberastegue (Jul 14)
- Re: Opera/Konqueror: data: URL scheme address bar spoofing Martin Aberastegue (Jul 14)
- Message not available
- Re: Opera/Konqueror: data: URL scheme address bar spoofing Andrew Redman (Jul 15)
- <Possible follow-ups>
- Re: Opera/Konqueror: data: URL scheme address bar spoofing Harri Porten (Jul 15)