Package: konqueror
Version: 4:4.3.4-1
Severity: normal
There is a "Disclosure of user information" security flaw in the konqueror
browser due to the implementation of support for CSS :visited pseudoclass
elements. It is possible to specify a background-url attribute which will make
a request to the server if a particular link has been visited. Using this CSS
mechanism, it is possible for a hosting server to determine visited links
without using Javascript.
For example:
<style>
a#link1:visited { background-image: url(/log?link1_was_visited); }
a#link2:visited { background-image: url(/log?link2_was_visited); }
</style>
<a href="http://google.com"; id="link1">
<a href="http://yahoo.com"; id="link2">
If link1 (http://google.com) has been visited, the browser will make a request
back to the server to retrieve the background for the #link1 rule. By
ppending a different URL argument to each rule we can determine which of the
links were visited. Please note that this requires no client-side scripting
whatsoever, and only relies on the availability of CSS.
The following website demonstrates a working exploit of this vulnerability:
http://www.whattheinternetknowsaboutyou.com/
Mark.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (60, 'testing'), (50, 'unstable')
Architecture: i386 (i386)
Kernel: Linux 2.6.26-2-486
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages konqueror depends on:
ii install-info 4.13a.dfsg.1-4 Manage installed documentation in
ii kdebase-bin 4:4.3.4-1 core binaries for the KDE 4 base m
ii kdebase-data 4:4.3.4-1 shared data files for the KDE 4 ba
ii kdebase-runtime 4:4.3.1-1 runtime components from the offici
ii kdelibs5 4:4.3.4-3 core libraries for all KDE 4 appli
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libkonq5 4:4.3.4-1 core libraries for Konqueror
ii libkonqsidebarplugin4 4:4.3.4-1 Konqueror sidebar plugin library
ii libqt4-dbus 4:4.5.3-4 Qt 4 D-Bus module
ii libqt4-qt3support 4:4.5.3-4 Qt 3 compatibility library for Qt
ii libqt4-xml 4:4.5.3-4 Qt 4 XML module
ii libqtcore4 4:4.5.3-4 Qt 4 core module
ii libqtgui4 4:4.5.3-4 Qt 4 GUI module
ii libstdc++6 4.4.2-9 The GNU Standard C++ Library v3
ii libx11-6 2:1.2.2-1 X11 client-side library
Versions of packages konqueror recommends:
ii dolphin 4:4.3.4-1 file manager for KDE 4
ii konqueror-nsplugins 4:4.3.4-1 Netscape plugin support for Konque
Versions of packages konqueror suggests:
pn konq-plugins <none> (no description available)
-- no debconf information
--
To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/20100418095119.18686.61292.report...@venus.markhobley.yi.org
