Bug 113251 - Konqueror crashed on security test
Status: RESOLVED DUPLICATE of bug 112905
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Gentoo Packages Linux
Importance: NOR crash
Assignee: Konqueror Developers
Reported: 2005-09-24 22:09 UTC by luca casagrande
Modified: 2005-09-25 14:23 UTC (History)
Description luca casagrande 2005-09-24 22:09:33 UTC
Version:            (using KDE KDE 3.4.90)
Installed from:    Gentoo Packages
OS:                Linux

I was making the browser security test on http://bcheck.scanit.be/bcheck/ and Konqueror crashed at test 34.
Using KDE 3.5beta1.
Comment 1 Thiago Macieira 2005-09-24 22:16:31 UTC
I cannot reproduce. Can you paste the backtrace? Make sure Kaffeine is not enabled either.
Comment 2 George Staikos 2005-09-24 22:32:44 UTC
No crash here, but one test failed:


Browser Security Test Results
Dear Customer, 
The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities    0
Medium Risk Vulnerabilities  1
Low Risk Vulnerabilities     0

Medium Risk Vulnerabilities
Mozilla Link Onclick Cross Domain Scripting Vulnerability (ldy20030416)

Description
This bug can allow a malicious web site to access your data on other web
sites. For example it can be used to read your mail from a web mail system.
Mozilla is an open source browser. From Netscape 6 onwards, Mozilla's source
code has been used to create the Netscape browser. As a result, Netscape suffers
from many of the same vulnerabilities as Mozilla.
Other browsers, such as Galeon, Phoenix, Camino (Chimera) also use Mozilla's
source code and can be vulnerable too.

Technical Details
When Mozilla starts loading a new page in a window, various objects on the old
page remain available for a short period of time. However, the domain changes
immediately to the domain of the new page. During this short period it is
possible to execute the JavaScript code defined by the old page in the
context of the new page.
This problem can be exploited as follows:
1. When a user surfs to a malicious web page, the page opens another window
   with a document from the same web site. This page should contain a link
   that has an "onclick" property defined.
2. The code on the malicious page saves a reference to the onclick function of
   the link in the other window.
3. Then it starts loading a page from a target web site in the window where
   the link is.
4. While the new page is loaded, the onclick function is called by its saved
   reference.
5. The function is executed in the context of the target web site and has
   access to cookies and other information for that web site.

Recommendations
Netscape users need to upgrade to Netscape 7.1 or later to fix this
vulnerability.
Mozilla users need to upgrade to version 1.3.1, 1.4b or later.
Galeon users: upgrade your Mozilla installation to version 1.4b or later and
upgrade to a Galeon version that supports it (1.2.5 or later).
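
The "Technical Details" text pasted in the comment above, modelled as an added example that is not part of the original report and is not Mozilla or KHTML code: a toy window whose origin switches at navigation while a handler from the old page stays callable, run once without and once with an origin check at call time. The class, the origins and the data values are constructed for illustration, and the check shown is one possible mitigation, not the fix any browser shipped.

```javascript
// Constructed model of the race described above; not Mozilla or KHTML code.
// Per-origin data that a script may read only for its own origin.
const siteData = {
  "https://first.example": "first-site-cookie",
  "https://webmail.example": "webmail-session-cookie",
};

class ModelWindow {
  constructor(origin, checkOriginOnCall) {
    this.origin = origin;                 // origin the window currently reports
    this.checkOriginOnCall = checkOriginOnCall;
  }

  // A page script defines a handler (the "onclick" in the description).
  // The handler reads data for whatever origin the window reports when it runs.
  defineHandler() {
    const definingOrigin = this.origin;   // origin of the page that created it
    return () => {
      if (this.checkOriginOnCall && definingOrigin !== this.origin) {
        throw new Error(`blocked: ${definingOrigin} code called in ${this.origin}`);
      }
      return siteData[this.origin];
    };
  }

  // Navigation: the origin changes at once, but handlers created by the old
  // page are not invalidated, so a saved reference stays callable.
  startLoading(newOrigin) {
    this.origin = newOrigin;
  }
}

// Save a handler reference, navigate the window, then call the reference.
function runScenario(checkOriginOnCall) {
  const win = new ModelWindow("https://first.example", checkOriginOnCall);
  const saved = win.defineHandler();
  const before = saved();
  win.startLoading("https://webmail.example");
  let after;
  try {
    after = saved();
  } catch (err) {
    after = err.message;
  }
  return { before, after };
}

console.log("no check:  ", runScenario(false));
console.log("with check:", runScenario(true));
```

Without the check, the saved handler returns the second origin's data after navigation; with it, the call is rejected because the handler's defining origin no longer matches the window.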
Comment 3 Thiago Macieira 2005-09-24 22:35:45 UTC
No, George, you're not allowed to hijack this bug. Open one for yourself :-)
Comment 4 Anne-Marie Mahfouf 2005-09-24 23:03:52 UTC
Test 34 fails and crashes Konqueror (svn 3.5 branch today) with the following backtrace:
Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1231735104 (LWP 22639)]
[KCrash handler]
#7  0x00000018 in ?? ()
#8  0xb71760fd in qt_inheritedBy (superClass=0x82d4f00, object=0x85f2b80)
    at kernel/qobject.cpp:596
#9  0xb63f1dc2 in qt_cast<KHTMLPart*> ()
   from /usr/local/kde3.5/lib/kde3/libsearchbarplugin.so
#10 0xb62dc169 in KJS::Window::retrieve ()
   from /usr/local/kde3.5/lib/libkhtml.so.4
#11 0xb62dc262 in KJS::Window::retrieveWindow ()
   from /usr/local/kde3.5/lib/libkhtml.so.4
#12 0xb615c0d9 in KHTMLPart::begin () from /usr/local/kde3.5/lib/libkhtml.so.4
#13 0xb614c44a in KHTMLPart::slotData ()
   from /usr/local/kde3.5/lib/libkhtml.so.4
#14 0xb61703c1 in KHTMLPart::qt_invoke ()
   from /usr/local/kde3.5/lib/libkhtml.so.4
#15 0xb717a4d7 in QObject::activate_signal (this=0x8515ea8, clist=0x86466d0, 
    o=0xbfffe1b0) at kernel/qobject.cpp:2356
#16 0xb7d8691c in KIO::TransferJob::data ()
   from /usr/local/kde3.5/lib/libkio.so.4
#17 0xb7d8698d in KIO::TransferJob::slotData ()
   from /usr/local/kde3.5/lib/libkio.so.4
#18 0xb7d96984 in KIO::TransferJob::qt_invoke ()
   from /usr/local/kde3.5/lib/libkio.so.4
#19 0xb717a4d7 in QObject::activate_signal (this=0x84a41e0, clist=0x84a4be8, 
    o=0xbfffe2c4) at kernel/qobject.cpp:2356
#20 0xb7d749d2 in KIO::SlaveInterface::data ()
   from /usr/local/kde3.5/lib/libkio.so.4
#21 0xb7d78574 in KIO::SlaveInterface::dispatch ()
   from /usr/local/kde3.5/lib/libkio.so.4
#22 0xb7d755e1 in KIO::SlaveInterface::dispatch ()
   from /usr/local/kde3.5/lib/libkio.so.4
#23 0xb7d725bb in KIO::Slave::gotInput ()
   from /usr/local/kde3.5/lib/libkio.so.4
#24 0xb7d728b9 in KIO::Slave::qt_invoke ()
   from /usr/local/kde3.5/lib/libkio.so.4
#25 0xb717a4d7 in QObject::activate_signal (this=0x84a3a88, clist=0x84a4458, 
    o=0xbfffe698) at kernel/qobject.cpp:2356
#26 0xb717ae25 in QObject::activate_signal (this=0x84a3a88, signal=2, param=18)
    at kernel/qobject.cpp:2449
#27 0xb750da08 in QSocketNotifier::activated (this=0x84a3a88, t0=18)
    at .moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#28 0xb719b249 in QSocketNotifier::event (this=0x84a3a88, e=0xbfffe970)
    at kernel/qsocketnotifier.cpp:258
#29 0xb71104e4 in QApplication::internalNotify (this=0xbfffecc4, 
    receiver=0x84a3a88, e=0xbfffe970) at kernel/qapplication.cpp:2635
#30 0xb71106fc in QApplication::notify (this=0xbfffecc4, receiver=0x84a3a88, 
    e=0xbfffe970) at kernel/qapplication.cpp:2358
#31 0xb77d59f7 in KApplication::notify ()
   from /usr/local/kde3.5/lib/libkdecore.so.4
#32 0xb70a2de3 in QApplication::sendEvent (receiver=0x84a3a88, 
    event=0xbfffe970) at qapplication.h:496
#33 0xb71018c5 in QEventLoop::activateSocketNotifiers (this=0x810f5a8)
    at kernel/qeventloop_unix.cpp:578
#34 0xb70b6598 in QEventLoop::processEvents (this=0x810f5a8, flags=4)
    at kernel/qeventloop_x11.cpp:383
#35 0xb7128856 in QEventLoop::enterLoop (this=0x810f5a8)
    at kernel/qeventloop.cpp:198
#36 0xb712877f in QEventLoop::exec (this=0x810f5a8)
    at kernel/qeventloop.cpp:145
#37 0xb710f06d in QApplication::exec (this=0xbfffecc4)
    at kernel/qapplication.cpp:2758
#38 0xb67c9aa2 in kdemain () from /usr/local/kde3.5/lib/libkdeinit_konqueror.so
#39 0xb76ee7a0 in kdeinitmain () from /usr/local/kde3.5/lib/kde3/konqueror.so
#40 0x0804df04 in launch ()
#41 0x0804e5f9 in handle_launcher_request ()
#42 0x0804ecc9 in handle_requests ()
#43 0x0804fb7c in main ()
Comment 5 Tommi Tervo 2005-09-25 14:23:03 UTC

*** This bug has been marked as a duplicate of 112905 ***