FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mutiple browser frame injection vulnerability

Affected packages
kdelibs < 3.2.3_3
kdebase < 3.2.3_1
7.50 <= linux-opera < 7.52
7.50 <= opera < 7.52
firefox < 0.9
linux-mozilla < 1.7
linux-mozilla-devel < 1.7
mozilla-gtk1 < 1.7
mozilla < 1.7,2
netscape7 < 7.2

Details

VuXML ID 641859e8-eca1-11d8-b913-000c41e2cdad
Discovery 2004-08-11
Entry 2004-08-12
Modified 2004-09-14

A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports:

The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

A KDE Security Advisory reports:

A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result the user may unknowingly send confidential information intended for the trusted website to the malicious website.

Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/.

References

CVE Name CVE-2004-0717
CVE Name CVE-2004-0718
CVE Name CVE-2004-0721
URL ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch
URL ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch
URL http://bugzilla.mozilla.org/show_bug.cgi?id=246448
URL http://secunia.com/advisories/11978/