Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Software | From | Fixed in |
---|---|---|
suse / suse_linux | 8 | 8.x |
suse / suse_linux | 8.1 | 8.1.x |
suse / suse_linux | 8.2 | 8.2.x |
suse / suse_linux | 9.0 | 9.0.x |
suse / suse_linux | 9.1 | 9.1.x |
kde / kde | 3.1.3 | 3.1.3.x |
kde / kde | 3.2 | 3.2.x |
mandrakesoft / mandrake_linux | 10.0 | 10.0.x |
mandrakesoft / mandrake_linux | 9.2 | 9.2.x |
kde / konqueror | 3.0 | 3.0.x |
kde / konqueror | 3.0.1 | 3.0.1.x |
kde / konqueror | 3.0.2 | 3.0.2.x |
kde / konqueror | 3.0.3 | 3.0.3.x |
kde / konqueror | 3.0.5 | 3.0.5.x |
kde / konqueror | 3.0.5b | 3.0.5b.x |
kde / konqueror | 3.1 | 3.1.x |
kde / konqueror | 3.1.1 | 3.1.1.x |
kde / konqueror | 3.1.2 | 3.1.2.x |
kde / konqueror | 3.1.3 | 3.1.3.x |
kde / konqueror | 3.1.5 | 3.1.5.x |
kde / konqueror | 3.2.1 | 3.2.1.x |
kde / konqueror | 3.2.3 | 3.2.3.x |
gentoo / linux | 1.4 | 1.4.x |