Opera Web Browser Address Bar Spoofing Weakness (2) Network Vulnerability

Summary

The remote host contains a web browser that is vulnerable to address bar spoofing attacks. Description : The remote host is using Opera, an alternative web browser. This version of Opera is vulnerable to a security weakness that may permit malicious web pages to spoof address bar information. It is reported that the 'favicon' feature can be used to spoof the domain of a malicious web page. An attacker can create an icon that includes the text of the desired site and is similar to the way Opera displays information in the address bar. The attacker can then obfuscate the real address with spaces. This issue can be used to spoof information in the address bar, page bar and page/window cycler.

Solution

Install to Opera 7.51 or newer.

References

http://www.greymagic.com/security/advisories/gm007-op/
http://www.opera.com/windows/changelogs/751/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-0537

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Update to Improve Cryptography and Digital Certificate Handling (2854544)
Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
PuTTY SSH2 authentication password persistence weakness
MS IE Information Disclosure and Web Site Spoofing Vulnerabilities
Microsoft RDP Server Private Key Information Disclosure Vulnerability

Opera web browser address bar spoofing weakness (2)

Take action and discover your vulnerabilities