Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Windows >> Opera web browser address bar spoofing weakness (2)

Vulnerability Assessment Details

Opera web browser address bar spoofing weakness (2)

Vulnerability Assessment Summary
Acertains the version of Opera.exe

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote host contains a web browser that is vulnerable to
address bar spoofing attacks.

Description :

The version of Opera is vulnerable to a security weakness that may
permit malicious web pages to spoof address bar information. It is
reported that the 'favicon' feature can be used to spoof the domain of
a malicious web page. A possible hacker can create an icon that includes
the text of the desired site and is similar to the way Opera displays
information in the address bar. The attacker can then obfuscate the
real address with spaces.

This issue can be used to spoof information in the address bar, page
bar and page/window cycler.

See also :

http://www.greymagic.com/security/advisories/gm007-op/
http://www.opera.com/windows/changelogs/751/

Solution :

Install to Opera 7.51 or newer.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:N/A:N/I:P/B:N)

Networks Security ID: 10452

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 David Maciejak

Cables, Connectors