CVE-2007-3143
Published: 11 June 2007
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
Notes
| Author | Note |
|---|---|
| jdstrand | CVE references konqueror 3.5.5, but securityfocus references opera. securityfocus says that other browsers may be affected, and there is test exploit code. Need to verify on konqueror. |
| kees | this may already be solved from CVE-2007-3820, CVE-2007-4224, and CVE-2007-4225. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
kdebase Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(solved in other CVEs)
|
| edgy |
Not vulnerable
(solved in other CVEs)
|
|
| feisty |
Not vulnerable
(solved in other CVEs)
|
|
| gutsy |
Not vulnerable
(solved in other CVEs)
|
|
| upstream |
Not vulnerable
(solved in other CVEs)
|
|
|
opera Launchpad, Ubuntu, Debian |
dapper |
Released
(9.23-20070809.6dapper1)
|
| edgy |
Released
(9.23-20070809.6edgy1)
|
|
| feisty |
Released
(9.23-20070809.6feisty1)
|
|
| gutsy |
Released
(9.25-20071214.6gutsy1)
|
|
| upstream |
Released
(9.22)
|