Info

Disclosure

Jun 22, 2005

Discovery

May 24, 2005

Dates

Exploit

Jun 21, 2005

Solution

Unknown

Description

KDE Konqueror contains a Javascript flaw that may allow an attacker to open a dialog box in front of a window displaying a trusted web site. This can allow them to make it appear that the dialog box comes from the trusted web site, which may be used to trick users into entering passwords or other sensitive information.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

KDE Project

Konqueror

3.4.0

References

Related OSVDB ID: 1172861 17397 79191 79192 79193 79194 79196 79197 79198 79199 79200 79201 79202 79203 79204 79205 79206 79207 79208 79209 79210 79211 79212 79213
Generic Exploit URL: http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/
Generic Informational URL: http://www.eweek.com/article2/0,1759,1830025,00.asp
Other Advisory URL: http://www.microsoft.com/technet/security/advisory/902333.mspx
http://www.us-cert.gov/cas/bulletins/SB05-173.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/79195