mortello
Jun 8 2004, 03:42 PM
Opera Browser Favicon Address Bar Spoofing Weakness
| CODE |
bugtraq id: 10452
object class: Design Error
cve: CVE-MAP-NOMATCH
remote: Yes
local: No
published: Jun 03, 2004
updated: Jun 03, 2004
vulnerable:
Opera Software Opera Web Browser 7.23
Opera Software Opera Web Browser 7.50
not vulnerable:
Opera Software Opera Web Browser 7.51

Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. It is reported that the 'favicon' feature can be used to spoof the domain of a malicious web page. An attacker can create an icon that includes the text of the desired site and is similar to the way Opera displays information in the address bar. The attacker can then obfuscate the real address with spaces.
This issue can be used to spoof information in the address bar, page bar and page/window cycler.
The vulnerability reportedly affects Opera 7.23 and 7.50. It is likely that previous versions are affected as well.
Opera version 7.51 is available to address this issue:
Opera Software Opera Web Browser 7.23:
Opera Software Upgrade Opera 7.51 http://www.opera.com/download/
Opera Software Opera Web Browser 7.50:
Opera Software Upgrade Opera 7.51 http://www.opera.com/download/
|