Bug#278002: konqueror: shows dialog box from other tab (possible security implications)

[Zoran Dzelajlija]

Package: konqueror
Version: 4:3.3.0a-1
Severity: minor
Tags: security

Just confirming that the issue explained here:
http://secunia.com/secunia_research/2004-10/advisory/

exists in Debian package.  Please remove the security tag
if you think this is not really relevant security-wise.

You can check it for yourself at
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

Be quick with opening the other window in the tab, or the dialog might
appear before the new tab opens.  If this happens, reload the test page
and then open the link in new tab, in less than 8 seconds.

The advisory said that upstream fixed this in 3.3.1.

Regards,
Zoran

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (800, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-1-k7
Locale: LANG=C, LC_CTYPE=hr_HR

Versions of packages konqueror depends on:
ii  kcontrol                 4:3.1.3-1       KDE Control Center
ii  kdebase-kio-plugins      4:3.2.2-1       KDE I/O Slaves
ii  kdelibs4                 4:3.3.0-2       KDE core libraries
ii  kdesktop                 4:3.3.0a-1      KDE Desktop
ii  kfind                    4:3.3.0a-1      KDE File Find Utility
ii  libart-2.0-2             2.3.16-1        Library of functions for 2D graphi
ii  libc6                    2.3.2.ds1-16    GNU C Library: Shared libraries an
ii  libfam0c102              2.7.0-5         client library to control the FAM 
ii  libgcc1                  1:3.4.1-4sarge1 GCC support library
ii  libice6                  4.3.0.dfsg.1-4  Inter-Client Exchange library
ii  libidn11                 0.5.2-3         GNU libidn library, implementation
ii  libjpeg62                6b-9            The Independent JPEG Group's JPEG 
ii  libkonq4                 4:3.3.0a-1      Core libraries for KDE's file mana
ii  libpcre3                 4.5-1.1         Perl 5 Compatible Regular Expressi
ii  libpng12-0               1.2.5.0-7       PNG library - runtime
ii  libqt3c102-mt            3:3.3.3-4.1     Qt GUI Library (Threaded runtime v
ii  libsm6                   4.3.0.dfsg.1-4  X Window System Session Management
ii  libstdc++5               1:3.3.4-1       The GNU Standard C++ Library v3
ii  libx11-6                 4.3.0.dfsg.1-4  X Window System protocol client li
ii  libxext6                 4.3.0.dfsg.1-4  X Window System miscellaneous exte
ii  libxrender1              0.8.3-5         X Rendering Extension client libra
ii  xlibs                    4.3.0-2         X Window System client libraries m
ii  zlib1g                   1:1.2.1-3       compression library - runtime

-- debconf information excluded