header-logo
Suggest Exploit
vendor:
Opera Web Browser
by:
4
CVSS
MEDIUM
Address Bar Spoofing
200
CWE
Product Name: Opera Web Browser
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Opera Web Browser Address Bar Spoofing Vulnerability

Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. This issue is due to a race condition error.This issue may be leveraged by an attacker to display false information in the address bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to be derived from a trusted location. This may facilitate phishing attacks; attempted theft of user information for the purpose of identity theft.

Mitigation:

Update to the latest version of the Opera Web Browser.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10810/info

Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. This issue is due to a race condition error.

This issue may be leveraged by an attacker to display false information in the address bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to be derived from a trusted location. This may facilitate phishing attacks; attempted theft of user information for the purpose of identity theft.

<script>
function fake() {
 oc=window.open('http://www.opera.com/', '','location=1');
 oc.location.replace('http://www.example.com');
}
[/script]
<a href="javascript:void(0);" onClick="fake()">http://www.opera.com/</a>

Navigation

Suggest Exploit

Services By CQR