CVE-2004-1158

Publication date 10 January 2005

Last updated 17 July 2025

Ubuntu priority

Description

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kdebase	7.04 feisty	Fixed 3.5.6-0ubuntu20.2
	6.10 edgy	Fixed 3.5.5-0ubuntu3.5
	6.06 LTS dapper	Fixed 3.5.2-0ubuntu27.1
kdelibs	7.04 feisty	Fixed 3.5.6-0ubuntu14.1
	6.10 edgy	Fixed 3.5.5-0ubuntu3.5
	6.06 LTS dapper	Fixed 3.5.2-0ubuntu18.5

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2004-1158