Bugzilla – Bug 58271
VUL-0: CVE-2004-0721: Konqueror Frame Injection Vulnerability
Last modified: 2021-10-02 09:47:03 UTC
Konqueror allows a webpage to load a frame in the frameset of another entirely unrelated webpage. See http://bugs.kde.org/show_bug.cgi?id=84352
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ contains a testcase.
Created attachment 22532 [details] patch for kdelibs
Created attachment 22533 [details] patch for kdebase
CRD: 11. Aug. Waldo, which time do you think 1400 UTC? Patchinfo files follow asap.
1400 UTC, yes
Created attachment 22560 [details] patchinfo.kdelibs3-4vulns
Created attachment 22561 [details] patchinfo-box.kdelibs3-4vulns
Created attachment 22562 [details] patchinfo.kdebas3-2vulns
Created attachment 22563 [details] patchinfo-box.kdebas3-2vulns
we will need a patchinfo which has kdelibs and kdebase inside, since the kdebase update relies on the new kdelibs API. packages will be ready for checkin within the next two hours.
Adrian, do you like to modify the files accordingly please? You know best about the dependencies.
will do
Please remove the line about cookie spoofing from both kdelibs files. This issue will be made public later.
This issue is CAN-2004-0721
Adrian, can you add this CAN number in the patchinfo files before you submit them please? In the BUGZILLA line the ID for the cookie stuff has to be removed too (Bug# 43269)
all done, packages are checked in, patchinfos are prepared. please drop the old kdelibs/kdebase patchinfos. reassign to thomas for tracking.
As mailed to kde-packager@kde.org yesterday. Please note that a regression in the kdelibs patches has been discovered, they should be adjusted as follows: - KHTMLPart *callingHtmlPart = const_cast<KHTMLPart *>(dynamic_cast<const KHTMLPart *>(sender())); + KHTMLPart *callingHtmlPart = const_cast<KHTMLPart *>(dynamic_cast<const KHTMLPart *>(sender()->parent())); Updated patches mailed to Adrian
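Review bot: the added line dereferences sender() through ->parent() without a null check, and the dynamic_cast leaves callingHtmlPart null whenever that parent is not a KHTMLPart. Neither case is handled in the visible line, so the code that consumes callingHtmlPart should test for null and refuse the frame load in that case rather than proceed without a known caller. A short comment stating why the parent of the sender, and not the sender itself, is the KHTMLPart would also help, since the regression came from exactly that distinction.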
packages update, still in test build.
updated packages checked in. new patchinfos also.
I hope Harald doesn't get confused by all the drop-and-resubmit cycles...
we are talking with each other ;)
The sles8 packages seem not to fix the problem (qa-testing).
they work on my sles8-i386 installation. However, I have seen that it didn't on chullers installation despite the fact that the right packages were installed. no idea yet.
the problem is that we had also a "kdebase3-konqueror" package in old times which is missing in the patchinfo files. so we need new patchinfo files, working on it.
okay, we have three new patchinfo files for the SLES products and two new for the Box. please remove the old ones, shall I come and help to find them ? ;)
old patchinfos are dropped, new ones (3 sles and two Box) are checked in.
PANIK !!! we can not yet release the 9.1 box ones, because we have still the binary incompatible libjasper in the build system and we do not have fixed them yet. (my first attempt was broken, I need to fix this in the right way) This is NOT a blocker for SLES 9, but for the 9.1-i386 and 9.1-x86_64.
wrong again, this affects only the supplementary updates (and possible ImageMagick updates). so, ignore me and keep up your work ;)
Reassigning back to kde-maintainers
released updates.
CVE-2004-0721: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)