Opera Multiple URL Spoofing Vulnerabilities - Sep09 (Win)

Summary
This host is installed with Opera Web Browser and is prone to Multiple Spoof URL vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct URL spoofing, and bypass certain security restrictions. Impact Level: Application
Solution
Upgrade to Opera version 10.00 http://www.opera.com/browser/download/
Insight
- Opera fails to handle a '\0' character or invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate. - The Trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. - Opera fails to check all intermediate X.509 certificates for revocation. - When a collapsed address bar is used, Opera does not properly update the domain name from the previously visited site to the currently visited site. - Opera fails to display all characters in Internationalized Domain Names (IDN) in the address bar.
Affected
Opera version prior to 10.00 on Windows.
References