[Full-disclosure] Opera/Konqueror: data: URL scheme address bar spoofing
Harri Porten
porten at kde.org
Sat Jul 14 21:11:37 BST 2007
Hi!
> With a specially crafted web page, an attacker can redirect
> a www browser to the page, which URL (in the url bar) resembles
> an arbitrary domain choosen by the attacker.
Attached is a patch that just got applied in KDE's repository to fix the
problem in Konqueror.
Thanks for the report,
Harri.
-------------- next part --------------
Index: konqueror/konq_combo.cc
===================================================================
--- konqueror/konq_combo.cc (revision 643782)
+++ konqueror/konq_combo.cc (working copy)
@@ -158,6 +158,7 @@
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )
Full-Disclosure is hosted and sponsored by Secunia.