Opera Security Status Bug May Let Remote Users Make Non-Secure Pages Appear to Be Secure
|
|
SecurityTracker Alert ID: 1020721
|
|
SecurityTracker URL: http://securitytracker.com/id?1020721
|
|
CVE Reference: CVE-2008-4198
(Links to External Site)
|
Updated: Mar 19 2009
|
Original Entry Date: Aug 20 2008
|
Impact: Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 9.52
|
Description: A vulnerability was reported in Opera. A remote user can cause a non-secure web page to appear to be secure.
A remote user can create a non-secure web page that loads content from a secure site into a frame. Opera will incorrectly indicate
that the the non-secure web page is a secure web page.
The browser will display the padlock icon and the security dialog will
indicate that the connection is secure but will not display certificate information.
Lars Kleinschmidt reported this vulnerability.
|
Impact: A remote user can cause a non-secure web page to appear to be secure.
|
Solution: The vendor has issued a fixed version (9.52).
The vendor's advisory is available at:
http://www.opera.com/support/search/view/895/
|
Vendor URL: www.opera.com/support/search/view/895/ (Links to External Site)
|
Cause: State error
|
Underlying OS: Linux (Any), UNIX (FreeBSD), UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 20 Aug 2008 15:59:46 -0400
Subject: Opera
|
http://www.opera.com/support/search/view/895/
|
|
