SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
Opera Browser Shortcut Icon May Cover URL Addresses
SecurityTracker Alert ID:  1010374
SecurityTracker URL:  http://securitytracker.com/id/1010374
CVE Reference:   CVE-2004-0537   (Links to External Site)
Updated:  Jun 8 2004
Original Entry Date:  Jun 3 2004
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 7.50 and prior versions
Description:   A vulnerability was reported in the Opera browser. A remote user can spoof various status bars using a shortcut icon.

The vendor reported that a remote user can create a specially crafted shortcut icon file of an unusually wide size to cover the URL in the address line. The URLs in the address bar, page bar, and page/window cycler are affected.

The vendor credits GreyMagic with discovering this flaw.

GreyMagic indicates that a remote user can create an image that looks like an address in Opera's address bar and can include the shortcut icon with the following HTML:

<link rel="shortcut icon" href="linkToFakeAddress.gif"> A demonstration exploit example is available at:

http://security.greymagic.com/security/advisories/gm007-op/

The vendor was reportedly notified on May 19, 2004.

Impact:   A remote user can cause the address bar to appear to display an alternate URL.
Solution:   The vendor has released a fixed version (7.51), available at:

http://www.opera.com/download/

Vendor URL:  www.opera.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 3 2004 (Original Advisory is Available) Opera Browser Shortcut Icon May Cover URL Addresses
GreyMagic has released their advisory.



 Source Message Contents

Subject:  http://www.opera.com/windows/changelogs/751/


http://www.opera.com/windows/changelogs/751/

 > New in Opera 7.51

 > Security

 > Restricted image size in address bar, page bar and page/window cycler. This addresses
 > issue reported in GreyMagic security advisory GM#007-OP: wide favicons could cover URL
 > in the address line.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC