In association with heise online

23 March 2007, 13:50

FTP rerouting also possible in Opera and Konqueror

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The security hole that was closed this week in Firefox, with versions and, now also affects the Opera and Konqueror Web browsers. Attackers may be able to exploit the vulnerability to spy on network topology by means of manipulated FTP servers. The FTP command PASV not only allows an alternative port to be sent to the FTP client in the browser for a connection, but also the respective IP address. Those who discovered the flaw at reported it to the browser vendors at the end of January of 2007. They say that they have yet to receive an answer from Mozilla, though the developers have already closed the hole. Likewise, the developers of Opera also have not responded. The KDE developer team is apparently still discussing how severe the hole is. They have, however, already developed a patch to prevent the kind of crashes that one of the examples given at causes in Konqueror. Opera 9.10 and Konqueror 3.5.5 are affected. It is not yet clear whether and when the vendors will be releasing patched versions. Until then, users can implement a workaround: either do not follow any FTP links from your browser, or disable JavaScript support. For more information, see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit