PT-2004-1056 · Kde+1 · Kdebase-Devel+3

Published: 2004-12-10 · Updated: 2017-10-11 · CVE-2004-1158

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

kdebase versions 2.2.2 through 3.1.3
kdebase-devel versions 2.2.2 through 3.1.3
Konqueror versions 3.x up to 3.2.2-6

Description

The issue concerns multiple vulnerabilities in the kdebase and kdebase-devel packages of Red Hat Enterprise Linux, as well as in Konqueror. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, Konqueror's "window injection" vulnerability allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain.

Recommendations

For kdebase versions 2.2.2 through 3.1.3, update to a version that contains a fix for this issue. For kdebase-devel versions 2.2.2 through 3.1.3, update to a version that contains a fix for this issue. For Konqueror versions 3.x up to 3.2.2-6, consider disabling the ability to inject content from one window into another as a temporary workaround until a patch is available.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-06209
BDU:2015-06210
BDU:2015-06211
BDU:2015-06212
CVE-2004-1158
RHSA-2005:009
RHSA-2005_009

Affected Products

Konqueror
Red Hat
Kdebase
Kdebase-Devel