======================================================================
Secunia Research 13/05/2003
- Opera Browser Address Bar Spoofing -
======================================================================
Table of Contents
1....................................................Affected Software
2.............................................................Severity
3...............................................................Vendor
4.........................................Description of Vulnerability
5.............................................................Solution
6...........................................................Time Table
7..............................................................Credits
8........................................................About Secunia
9.........................................................Verification
======================================================================
1) Affected Software
Opera Browser 7.23 for Windows and Linux. Prior versions may also be
affected.
======================================================================
2) Severity
Rating: Less Critical
Impact: ID Spoofing
Where: From remote
======================================================================
3) Vendor
Opera Software
Website:
http://www.opera.com/
======================================================================
4) Description of Vulnerability
The vulnerability is caused due to the Opera browser changing the
Address Bar as soon as the browser is "asked" to redirect to a new
page. However, using e.g. the BODY tag attribute "onUnload", it is
possible to abort the redirection without the address bar being
changed back.
This can be exploited by a malicious website to change the information
displayed in the Address Bar without leaving the page, which contains
data from the malicious website.
======================================================================
5) Solution
Update to version 7.50
======================================================================
6) Time Table
03/05/2004 - Vulnerability discovered.
03/05/2004 - Vendor informed.
13/05/2004 - Public Disclosure.
======================================================================
7) Credits
Discovered by Jakob Balle, Secunia Research.
======================================================================
8) About Secunia
Secunia collects, validates, assesses and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
https://www.flexera.com/
======================================================================
9) Verification
Please verify this advisory by visiting the Secunia website:
https://www.flexera.com/about-us/secunia-research/advisories/sr-2004-2.html
======================================================================