CVE Vulnerabilities

CVE-2004-1158

Published: Jan 10, 2005 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the window injection vulnerability.

Affected Software

Name Vendor Start Version End Version
Konqueror Kde 2.1.1 (including) 2.1.1 (including)
Konqueror Kde 2.1.2 (including) 2.1.2 (including)
Konqueror Kde 2.2.1 (including) 2.2.1 (including)
Konqueror Kde 2.2.2 (including) 2.2.2 (including)
Konqueror Kde 3.0 (including) 3.0 (including)
Konqueror Kde 3.0.1 (including) 3.0.1 (including)
Konqueror Kde 3.0.2 (including) 3.0.2 (including)
Konqueror Kde 3.0.3 (including) 3.0.3 (including)
Konqueror Kde 3.0.5 (including) 3.0.5 (including)
Konqueror Kde 3.0.5b (including) 3.0.5b (including)
Konqueror Kde 3.1 (including) 3.1 (including)
Konqueror Kde 3.1.1 (including) 3.1.1 (including)
Konqueror Kde 3.1.2 (including) 3.1.2 (including)
Konqueror Kde 3.1.3 (including) 3.1.3 (including)
Konqueror Kde 3.1.4 (including) 3.1.4 (including)
Konqueror Kde 3.1.5 (including) 3.1.5 (including)
Konqueror Kde 3.2.1 (including) 3.2.1 (including)
Konqueror Kde 3.2.2.6 (including) 3.2.2.6 (including)
Konqueror Kde 3.2.3 (including) 3.2.3 (including)
Konqueror Kde 3.3 (including) 3.3 (including)
Konqueror Kde 3.3.1 (including) 3.3.1 (including)
Konqueror Kde 3.3.2 (including) 3.3.2 (including)
Red Hat Enterprise Linux 3 RedHat kdebase-6:3.1.3-5.8 *
Red Hat Enterprise Linux 3 RedHat kdelibs-6:3.1.3-6.9 *
Kdebase Ubuntu dapper *
Kdebase Ubuntu devel *
Kdebase Ubuntu edgy *
Kdebase Ubuntu feisty *
Kdelibs Ubuntu dapper *
Kdelibs Ubuntu devel *
Kdelibs Ubuntu edgy *
Kdelibs Ubuntu feisty *

References