Mandrake Linux Security Advisory : konqueror (MDKSA-2007:176)
Medium Nessus Plugin ID 26008
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
Descriptionkonqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. (CVE-2007-3820)
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. (CVE-2007-4224)
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. (CVE-2007-4225)
Updated packages fix these issues.
SolutionUpdate the affected packages.