Summary
This host is installed with rekonq and is prone to cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to crash fresh instance, inject the malicious content into error message, access the cookies when the hostname under which the cookies have been set.
Impact Level: Application.
Solution
Upgrade to version 0.6 or later,
For updates refer to http://sourceforge.net/projects/rekonq/files
Insight
The multiple flaws are due to:
- An error in the handling of a URL associated with a nonexistent domain name which is related to 'webpage.cpp',
- An error in hanlding of unspecified vectors related to 'webview.cpp' - An error in the handing of 'about:' views for favorites, bookmarks, closed tabs, and history.
Affected
Rekonq version 0.5 and prior.
References
Severity
Classification
-
CVE CVE-2010-2536 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
- Apple Mac OS X Denial of Service Vulnerability
- Apple Safari Multiple Memory Corruption Vulnerabilities-03 Aug14 (Mac OS X)
- Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)