Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
2005-01-10T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | kde | konqueror | 2.1.1 | Yes |
| Application | kde | konqueror | 2.1.2 | Yes |
| Application | kde | konqueror | 2.2.1 | Yes |
| Application | kde | konqueror | 2.2.2 | Yes |
| Application | kde | konqueror | 3.0 | Yes |
| Application | kde | konqueror | 3.0.1 | Yes |
| Application | kde | konqueror | 3.0.2 | Yes |
| Application | kde | konqueror | 3.0.3 | Yes |
| Application | kde | konqueror | 3.0.5 | Yes |
| Application | kde | konqueror | 3.0.5b | Yes |
| Application | kde | konqueror | 3.1 | Yes |
| Application | kde | konqueror | 3.1.1 | Yes |
| Application | kde | konqueror | 3.1.2 | Yes |
| Application | kde | konqueror | 3.1.3 | Yes |
| Application | kde | konqueror | 3.1.4 | Yes |
| Application | kde | konqueror | 3.1.5 | Yes |
| Application | kde | konqueror | 3.2.1 | Yes |
| Application | kde | konqueror | 3.2.2.6 | Yes |
| Application | kde | konqueror | 3.2.3 | Yes |
| Application | kde | konqueror | 3.3 | Yes |
| Application | kde | konqueror | 3.3.1 | Yes |
| Application | kde | konqueror | 3.3.2 | Yes |
| Operating System | mandrakesoft | mandrake_linux | 10.0 | Yes |
| Operating System | mandrakesoft | mandrake_linux | 10.0 | Yes |
| Operating System | mandrakesoft | mandrake_linux | 10.1 | Yes |
| Operating System | mandrakesoft | mandrake_linux | 10.1 | Yes |
| Operating System | redhat | fedora_core | core_2.0 | Yes |
| Operating System | redhat | fedora_core | core_3.0 | Yes |