======================================================================

                     Secunia Research 13/05/2003

               - Opera Browser Address Bar Spoofing -

======================================================================
Table of Contents

1....................................................Affected Software
2.............................................................Severity
3...............................................................Vendor
4.........................................Description of Vulnerability
5.............................................................Solution
6...........................................................Time Table
7..............................................................Credits
8........................................................About Secunia
9.........................................................Verification

======================================================================
1) Affected Software

Opera Browser 7.23 for Windows and Linux.

Prior versions may also be affected.

======================================================================
2) Severity

Rating:  Less Critical
Impact:  ID Spoofing
Where:   From remote

======================================================================
3) Vendor

Opera Software
Website: http://www.opera.com/

======================================================================
4) Description of Vulnerability

The vulnerability is caused due to the Opera browser changing the
Address Bar as soon as the browser is "asked" to redirect to a new
page. However, using e.g. the BODY tag attribute "onUnload", it is
possible to abort the redirection without the address bar being
changed back.

This can be exploited by a malicious website to change the information
displayed in the Address Bar without leaving the page, which contains
data from the malicious website.

======================================================================
5) Solution

Update to version 7.50

======================================================================
6) Time Table

03/05/2004 - Vulnerability discovered.
03/05/2004 - Vendor informed.
13/05/2004 - Public Disclosure.

======================================================================
7) Credits

Discovered by Jakob Balle, Secunia Research.

======================================================================
8) About Secunia

Secunia collects, validates, assesses and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

https://www.flexera.com/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
https://www.flexera.com/about-us/secunia-research/advisories/sr-2004-2.html

======================================================================