Vulnerability Description
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kde | Konqueror | 3.5.7 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
- http://secunia.com/advisories/26351
- http://secunia.com/advisories/26612
- http://secunia.com/advisories/26690
- http://secunia.com/advisories/26720
- http://secunia.com/advisories/27089
- http://secunia.com/advisories/27090
- http://secunia.com/advisories/27096
- http://secunia.com/advisories/27106
- http://secunia.com/advisories/27108
- http://secunia.com/advisories/27271
- http://securityreason.com/securityalert/2982
- http://securitytracker.com/id?1018579
- http://www.kde.org/info/security/advisory-20070816-1.txt
FAQ
What is CVE-2007-4224?
CVE-2007-4224 is a vulnerability with a CVSS score of 4.3 (MEDIUM). KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
How severe is CVE-2007-4224?
CVE-2007-4224 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4224?
Check the references section above for vendor advisories and patch information. Affected products include: Kde Konqueror.