Opera Browser Shortcut Icon May Cover URL Addresses
SecurityTracker Alert ID: 1010374
SecurityTracker URL: http://securitytracker.com/id/1010374
CVE Reference: CAN-2004-0537
Updated: Jun 8 2004
Original Entry Date: Jun 3 2004
Impact: Modification of system information
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 7.50 and prior versions
Description:
A vulnerability was reported in the Opera browser. A remote user can spoof various status bars using a shortcut icon.
The vendor reported that a remote user can create a specially crafted shortcut icon file of an unusually wide size to cover the URL in the address line. The URLs in the address bar, page bar, and page/window cycler are affected.
The vendor credits GreyMagic with discovering this flaw.
GreyMagic indicates that a remote user can create an image that looks like an address in Opera's address bar and can include the shortcut icon with the following HTML:
<link rel="shortcut icon" href="linkToFakeAddress.gif">
A demonstration exploit example is available at:
http://security.greymagic.com/security/advisories/gm007-op/
The vendor was reportedly notified on May 19, 2004.
Impact:
A remote user can cause the address bar to appear to display an alternate URL.
Solution:
The vendor has released a fixed version (7.51), available at:
http://www.opera.com/download/
Vendor URL: www.opera.com/
Cause: Input validation error
Underlying OS: Windows (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Thu, 03 Jun 2004 07:19:46 -0400
Subject: http://www.opera.com/windows/changelogs/751/
http://www.opera.com/windows/changelogs/751/
> New in Opera 7.51
> Security
> Restricted image size in address bar, page bar and page/window cycler. This addresses
> issue reported in GreyMagic security advisory GM#007-OP: wide favicons could cover URL
> in the address line.
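The changelog entry above describes the fix as restricting image size where the icon is drawn. As an added example (not Opera's code and not part of the advisory), the Python check below reads the declared dimensions from a GIF, PNG or ICO header and rejects any icon larger than an assumed 16x16 slot; the function names, the limit and the sample bytes are constructed for illustration.

```python
import struct

MAX_ICON_PX = 16  # assumption: the page does not state the limit Opera 7.51 applies

def icon_dimensions(data: bytes):
    """Return (width, height) declared in a GIF, PNG or ICO header, else None."""
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        # GIF logical screen descriptor: little-endian 16-bit width, height
        return struct.unpack("<HH", data[6:10])
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        # PNG IHDR is the first chunk: big-endian 32-bit width, height
        return struct.unpack(">II", data[16:24])
    if data[:4] == b"\x00\x00\x01\x00" and len(data) >= 6:
        # ICO: a directory of 16-byte entries, one per embedded image
        count = struct.unpack("<H", data[4:6])[0]
        sizes = []
        for i in range(count):
            entry = data[6 + 16 * i: 22 + 16 * i]
            if len(entry) < 16:
                return None  # truncated directory
            # A stored size byte of 0 means 256 pixels
            sizes.append((entry[0] or 256, entry[1] or 256))
        if not sizes:
            return None
        # Judge the file by its largest embedded image in each dimension
        return (max(w for w, _ in sizes), max(h for _, h in sizes))
    return None

def favicon_allowed(data: bytes, limit: int = MAX_ICON_PX) -> bool:
    """Fail closed: unrecognised formats and oversize icons are rejected."""
    dims = icon_dimensions(data)
    return dims is not None and dims[0] <= limit and dims[1] <= limit

# Constructed sample headers (not real icons): a 400x16 GIF wide enough to
# overlay address text, a 16x16 PNG, and an ICO whose width byte 0 means 256.
WIDE_GIF = b"GIF89a" + struct.pack("<HH", 400, 16) + b"\x00\x00\x00"
SMALL_PNG = (b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"
             + struct.pack(">II", 16, 16) + b"\x08\x06\x00\x00\x00")
WIDE_ICO = (b"\x00\x00\x01\x00" + struct.pack("<H", 1) + bytes([0, 16, 0, 0])
            + struct.pack("<HHII", 1, 32, 0, 22))

if __name__ == "__main__":
    for name, blob in (("gif", WIDE_GIF), ("png", SMALL_PNG), ("ico", WIDE_ICO)):
        print(name, icon_dimensions(blob), favicon_allowed(blob))
```

Header fields are only what the file declares, so a renderer still needs to clip the decoded image to the icon slot when drawing.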