| Summary: | popup windows from Konqueror have a security bug | | |
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | Giovanni Venturi <giovanni> |
| Component: | general | Assignee: | Konqueror Developers <konq-bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | NOR | | |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Platform: | unspecified | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |
| Sentry Crash Report: | | | |
| Attachments: | security.png | | |

Description
Giovanni Venturi
2004-12-10 14:39:22 UTC
> The browser Konqueror 3.x has a big security bug
How can you tell about all 3.x when you only run 3.2?
Fixed in 3.3.1 and up iirc.
> > The browser Konqueror 3.x has a big security bug
> > How can you tell about all 3.x when you only run 3.2?
> Here: http://secunia.com/advisories/13254/
> Fixed in 3.3.1 and up iirc.

Well, then I don't understand why with my KDE 3.3.2post (from KDE_3_3_BRANCH of yesterday) the test is positive and Konqueror still has this security bug. I tested it a few minutes ago. Are you sure it is fixed? Maybe in KDE HEAD? I think this bug should be reopened.

I think you should contact security@kde.org and not use bugzilla for any security concerns. Thanks.

a screenshot of the presence of the bug.

Created an attachment (id=8611) security.png

I've just seen: http://www.kde.org/info/security/advisory-20040811-3.txt then the bug was fixed, but it seems to be there, no? Then this bug is invalid, or not?

Sorry for all these replies, I'm trying to check, but it's not the same advisory.

CVS commit by waba: Let findFrameParent check framename against name of current part if the part is a toplevel part. CCBUG: 94812 M +4 -1 khtml_part.cpp 1.1060 --- kdelibs/khtml/khtml_part.cpp #1.1059:1.1060 @@ -4807,5 +4807,5 @@ KHTMLPart::findFrameParent( KParts::Read { #ifdef DEBUG_FINDFRAME - kdDebug(6050) << "KHTMLPart::findFrameParent: this = " << this << " URL = " << m_url << " findFrameParent( " << f << " )" << endl; + kdDebug(6050) << "KHTMLPart::findFrameParent: this = " << this << " URL = " << m_url << " name = " << name() << " findFrameParent( " << f << " )" << endl; #endif // Check access @@ -4815,4 +4815,7 @@ KHTMLPart::findFrameParent( KParts::Read return 0; + if (!childFrame && !parentPart() && (name() == f)) + return this; + FrameIt it = d->m_frames.find( f ); const FrameIt end = d->m_frames.end();

CVS commit by waba: Check domain-restrictions before opening new page in existing window CCBUG: 94812 M +11 -7 konq_mainwindow.cc 1.1378 --- kdebase/konqueror/konq_mainwindow.cc #1.1377:1.1378 
@@ -2272,4 +2272,15 @@ KonqView * KonqMainWindow::childView( KP kdDebug() << " - viewName=" << viewName << " " << "frame names:" << view->frameNames().join( "," ) << endl; + + // First look for a hostextension containing this frame name + KParts::BrowserHostExtension *ext = KParts::BrowserHostExtension::childObject( view->part() ); + if ( ext ) + { + ext = ext->findFrameParent(callingPart, name); + kdDebug() << "BrowserHostExtension found part " << ext << endl; + if (!ext) + continue; // Don't use this window + } + if ( !viewName.isEmpty() && viewName == name ) { @@ -2282,11 +2293,4 @@ KonqView * KonqMainWindow::childView( KP } - // First look for a hostextension containing this frame name - KParts::BrowserHostExtension *ext = KParts::BrowserHostExtension::childObject( view->part() ); - if ( ext ) - { - ext = ext->findFrameParent(callingPart, name); - } - // KParts::BrowserHostExtension* ext = KonqView::hostExtension( view->part(), name );

reopen

Fixed. Security advisory will follow.

Is a backport to at least 3.3.x possible?

It has been backported to 3.3-branch and 3.2-branch.
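
Review bot: The new early return in the second hunk of khtml_part.cpp (@@ -4815,4 +4815,7 @@), `if (!childFrame && !parentPart() && (name() == f)) return this;`, carries no comment, and its three conditions are not self-explanatory. Please add a line stating that a toplevel part (no `parentPart()`) answers to its own name, why this path is only taken when `childFrame` is null, and that the placement after the "Check access" block is deliberate, so a later refactor does not move the name match ahead of the access check. The debug-only change in the first hunk looks fine.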
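
Review bot: In the first hunk of konq_mainwindow.cc (@@ -2272,4 +2272,15 @@), the `continue; // Don't use this window` guard only runs inside `if ( ext )`, so a view whose part has no BrowserHostExtension still reaches `if ( !viewName.isEmpty() && viewName == name )` without any check against `callingPart`. If that is intended, say so in a comment; otherwise the name match should be skipped for such views as well. Two smaller points: `ext` is reused for both the view's host extension and the result of `findFrameParent(callingPart, name)`, which makes the `if (!ext)` test easy to misread, so a second variable would be clearer, and the added `kdDebug()` line is not under a debug guard the way the one in khtml_part.cpp is.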