CVE-2007-3143
Published: 11 June 2007
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
Notes
Author | Note |
---|---|
jdstrand | CVE references konqueror 3.5.5, but securityfocus references opera. securityfocus says that other browsers may be affected, and there is test exploit code. Need to verify on konqueror. |
kees | this may already be solved from CVE-2007-3820, CVE-2007-4224, and CVE-2007-4225. |
Priority
Status
Package | Release | Status |
---|---|---|
kdebase | dapper | Not vulnerable (solved in other CVEs) |
kdebase | edgy | Not vulnerable (solved in other CVEs) |
kdebase | feisty | Not vulnerable (solved in other CVEs) |
kdebase | gutsy | Not vulnerable (solved in other CVEs) |
kdebase | upstream | Not vulnerable (solved in other CVEs) |
opera | dapper | Released (9.23-20070809.6dapper1) |
opera | edgy | Released (9.23-20070809.6edgy1) |
opera | feisty | Released (9.23-20070809.6feisty1) |
opera | gutsy | Released (9.25-20071214.6gutsy1) |
opera | upstream | Released (9.22) |