Re: Opera/Konqueror: data: URL scheme address bar spoofing
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--8323328-1323314767-1184443897=:8339
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Hi!
> With a specially crafted web page, an attacker can redirect
> a www browser to the page, which URL (in the url bar) resembles
> an arbitrary domain choosen by the attacker.
Attached is a patch that just got applied in KDE's repository to fix the
problem in Konqueror.
Thanks for the report,
Harri.
--8323328-1323314767-1184443897=:8339
Content-Type: TEXT/plain; charset=US-ASCII; name=location.diff
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.64.0707142211370.8339@pudel.froglogic.com>
Content-Description:
Content-Disposition: attachment; filename=location.diff
SW5kZXg6IGtvbnF1ZXJvci9rb25xX2NvbWJvLmNjDQo9PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09DQotLS0ga29ucXVlcm9yL2tvbnFfY29tYm8uY2MJKHJldmlz
aW9uIDY0Mzc4MikNCisrKyBrb25xdWVyb3Iva29ucV9jb21iby5jYwkod29y
a2luZyBjb3B5KQ0KQEAgLTE1OCw2ICsxNTgsNyBAQA0KICAgICAgICAga2Fw
cC0+ZGNvcENsaWVudCgpLT5zZW5kKCAia29ucXVlcm9yKiIsICJLb25xdWVy
b3JJZmFjZSIsDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICJhZGRUb0NvbWJvKFFTdHJpbmcsUUNTdHJpbmcpIiwgZGF0YSk7DQogICAg
IH0NCisgICAgbGluZUVkaXQoKS0+c2V0Q3Vyc29yUG9zaXRpb24oIDAgKTsN
CiB9DQogDQogdm9pZCBLb25xQ29tYm86OnNldFRlbXBvcmFyeSggY29uc3Qg
UVN0cmluZyYgdGV4dCApDQo=
--8323328-1323314767-1184443897=:8339--
討論串 (同標題文章)
完整討論串 (本文為第 2 之 3 篇):