CVE-2007-4224
published 2007-08-08CVE-2007-4224: KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.83%
76.2th percentile
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | konqueror | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pxp9-fmhc-vjvg: KDE Konqueror 3
ghsa_unreviewed·2022-05-01
CVE-2007-4224 [MEDIUM] CWE-59 GHSA-pxp9-fmhc-vjvg: KDE Konqueror 3
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
Ubuntu
KDE vulnerabilities
vendor_ubuntu·2007-08-26
CVE-2007-3820 KDE vulnerabilities
Title: KDE vulnerabilities
Summary: KDE vulnerabilities
It was discovered that Konqueror could be tricked into displaying
incorrect URLs. Remote attackers could exploit this to increase their
chances of tricking a user into visiting a phishing URL, which could
lead to credential theft.
Instructions: After a standard system upgrade you need to restart your session to
effect the necessary changes.
Red Hat
URL spoof in address bar
vendor_redhat·2007-08-07·CVSS 4.3
CVE-2007-4224 [MEDIUM] URL spoof in address bar
URL spoof in address bar
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-4224 URL spoof in address bar
bugzilla·2007-08-10·CVSS 2.6
CVE-2007-4224 [LOW] CVE-2007-4224 URL spoof in address bar
CVE-2007-4224 URL spoof in address bar
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4224
to the following vulnerability:
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
References:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
Discussion:
KDE security advisory targeting CVE-2007-3820, CVE-2007-4224 and CVE-2007-4225
with references to official upstream patches:
http://www.kde.org/info/security/advisory-20070816-1.txt
---
this is a low severity flaw which does not trigger the need for a security
update to kde. We will fix this issue when other issues of higher severity
trigger a kde security update.
Bugzilla
CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
bugzilla·2007-07-17·CVSS 2.6
CVE-2007-3820 [LOW] CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
Description of problem:
An URI that appears in the address bar is scrolled to the right,
and thus a long URI padded with whitespace can be used to trick
user.
Version-Release number of selected component (if applicable):
CVE-2007-3820 Probably Affects: RHEL2.1
CVE-2007-3820 Probably Affects: RHEL3
CVE-2007-3820 Affects: RHEL4
CVE-2007-3820 Affects: RHEL5
CVE-2007-3820 Affects: FC6
CVE-2007-3820 Affects: FC7
Steps to Reproduce:
1. Visit http://alt.swiecki.net/oper1.html
tp://alt.swiecki.net/oper1.html with konqueror
Actual results:
http://alt.swiecki.net/konq.png
Additional info:
An data: URI (with inline HTML) can contain real spaces, not just %20.
Discussion:
Created attachment 159428
Upstream patch for CVE-2007
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.htmlhttp://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.htmlhttp://secunia.com/advisories/26351http://secunia.com/advisories/26612http://secunia.com/advisories/26690http://secunia.com/advisories/26720http://secunia.com/advisories/27089http://secunia.com/advisories/27090http://secunia.com/advisories/27096http://secunia.com/advisories/27106http://secunia.com/advisories/27108http://secunia.com/advisories/27271http://securityreason.com/securityalert/2982http://securitytracker.com/id?1018579http://www.kde.org/info/security/advisory-20070816-1.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2007:176http://www.redhat.com/support/errata/RHSA-2007-0905.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0909.htmlhttp://www.securityfocus.com/archive/1/475689/100/0/threadedhttp://www.securityfocus.com/archive/1/475730/100/0/threadedhttp://www.securityfocus.com/archive/1/475731/100/0/threadedhttp://www.securityfocus.com/archive/1/475763/100/0/threadedhttp://www.securityfocus.com/bid/25219http://www.ubuntu.com/usn/usn-502-1http://www.vupen.com/english/advisories/2007/2807https://exchange.xforce.ibmcloud.com/vulnerabilities/35828https://issues.rpath.com/browse/RPL-1615https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9879https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.htmlhttp://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.htmlhttp://secunia.com/advisories/26351http://secunia.com/advisories/26612http://secunia.com/advisories/26690http://secunia.com/advisories/26720http://secunia.com/advisories/27089http://secunia.com/advisories/27090http://secunia.com/advisories/27096http://secunia.com/advisories/27106http://secunia.com/advisories/27108http://secunia.com/advisories/27271http://securityreason.com/securityalert/2982http://securitytracker.com/id?1018579http://www.kde.org/info/security/advisory-20070816-1.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2007:176http://www.redhat.com/support/errata/RHSA-2007-0905.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0909.htmlhttp://www.securityfocus.com/archive/1/475689/100/0/threadedhttp://www.securityfocus.com/archive/1/475730/100/0/threadedhttp://www.securityfocus.com/archive/1/475731/100/0/threadedhttp://www.securityfocus.com/archive/1/475763/100/0/threadedhttp://www.securityfocus.com/bid/25219http://www.ubuntu.com/usn/usn-502-1http://www.vupen.com/english/advisories/2007/2807https://exchange.xforce.ibmcloud.com/vulnerabilities/35828https://issues.rpath.com/browse/RPL-1615https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9879https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html
2007-08-08
Published