Opera Browser Shortcut Icon May Cover URL Addresses

SecurityTracker Alert ID: 1010374
SecurityTracker URL: http://securitytracker.com/id?1010374
CVE Reference: CAN-2004-0537
Updated: Jun 8 2004
Original Entry Date: Jun 3 2004
Impact: Modification of system information
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): 7.50 and prior versions

Description: A vulnerability was reported in the Opera browser. A remote user can spoof various status bars using a shortcut icon.

The vendor reported that a remote user can create a specially crafted shortcut icon file of an unusually wide size to cover the URL in the address line. The URLs in the address bar, page bar, and page/window cycler are affected.

The vendor credits GreyMagic with discovering this flaw.

GreyMagic indicates that a remote user can create an image that looks like an address in Opera's address bar and can include the shortcut icon with the following HTML:

<link rel="shortcut icon" href="linkToFakeAddress.gif">

A demonstration exploit example is available at:
http://security.greymagic.com/security/advisories/gm007-op/

The vendor was reportedly notified on May 19, 2004.

Impact: A remote user can cause the address bar to appear to display an alternate URL.
Solution: The vendor has released a fixed version (7.51), available at:
http://www.opera.com/download/
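
A defender-side check for the condition described above, added here as an example (not Opera's or GreyMagic's code): it collects icon links from a page and reads the pixel dimensions from a GIF, PNG or ICO header, flagging any icon larger than the slot it is drawn in. The 16-pixel limit and the names IconLinks, image_size and oversized are assumptions; the page does not state the limit Opera 7.51 applies.

```python
import struct
from html.parser import HTMLParser

MAX_ICON_PX = 16  # assumed slot size; the page does not state Opera 7.51's limit


class IconLinks(HTMLParser):
    """Collect href values of <link> tags whose rel contains 'icon'."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "icon" in (a.get("rel") or "").lower().split():
            if a.get("href"):
                self.hrefs.append(a["href"])


def image_size(data: bytes):
    """Return (width, height) from a GIF, PNG or ICO header, else None."""
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return struct.unpack("<HH", data[6:10])
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        return struct.unpack(">II", data[16:24])
    if data[:4] == b"\x00\x00\x01\x00" and len(data) >= 22:
        count = struct.unpack("<H", data[4:6])[0]
        entries = [data[6 + 16 * i: 8 + 16 * i] for i in range(count)]
        sizes = [(e[0] or 256, e[1] or 256) for e in entries if len(e) == 2]
        return max(sizes) if sizes else None
    return None


def oversized(data: bytes, limit: int = MAX_ICON_PX) -> bool:
    """True when the icon is unparseable or larger than the slot it is drawn in."""
    size = image_size(data)
    return size is None or size[0] > limit or size[1] > limit


# Constructed samples: header bytes only, enough to carry the dimensions.
WIDE_GIF = b"GIF89a" + struct.pack("<HH", 400, 16) + b"\x00\x00\x00"
NORMAL_ICO = b"\x00\x00\x01\x00\x01\x00" + bytes([16, 16]) + b"\x00" * 14
PAGE = '<link rel="shortcut icon" href="linkToFakeAddress.gif">'

if __name__ == "__main__":
    parser = IconLinks()
    parser.feed(PAGE)
    print(parser.hrefs, image_size(WIDE_GIF), oversized(WIDE_GIF), oversized(NORMAL_ICO))
```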

Vendor URL: www.opera.com/
Cause: Input validation error
Underlying OS: Windows (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Thu, 03 Jun 2004 07:19:46 -0400
Subject: http://www.opera.com/windows/changelogs/751/

http://www.opera.com/windows/changelogs/751/
> New in Opera 7.51
> Security
> Restricted image size in address bar, page bar and page/window cycler. This addresses
> issue reported in GreyMagic security advisory GM#007-OP: wide favicons could cover URL
> in the address line.