First published: Wed Mar 07 2007(Updated: )
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
KDE Konqueror | =3.5.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2007-1308 is considered a medium severity vulnerability that can lead to a denial of service by crashing the application.
To mitigate CVE-2007-1308, it is recommended to upgrade to a newer version of KDE that does not have this vulnerability.
CVE-2007-1308 allows remote attackers to cause a denial of service by exploiting a NULL pointer dereference when accessing certain iframe URIs.
CVE-2007-1308 specifically affects KDE Konqueror version 3.5.5.
There is no specific patch available, so upgrading to a non-affected version is the best way to address CVE-2007-1308.