Opera favicon address spoofing
| opera-favicon-spoofing (16307) |  Medium Risk |
Description:
Opera is vulnerable to address spoofing, caused by a vulnerability with the displaying of favicons in the address bar. A remote attacker could create an icon containing text from a malicious site, which would resemble the way Opera displays addresses within the address bar. This would allow the attacker to trick the user into visiting the spoofed Web page and possibly obtain sensitive information.
Consequences:
Obtain Information
Remedy:
Upgrade to the latest version of Opera (7.51 or later), available from the Opera Web site. See References.
References:
- Opera Web site: Changelog for Opera 7.51 for Windows.
- BID-10452: Opera Browser Favicon Address Bar Spoofing Weakness
- CVE-2004-0537: Opera 7.50 and earlier allows remote web sites to provide a Shortcut Icon (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
- OSVDB ID: 6590: Opera favicon.ico Address Bar Spoofing
- SA11762: Opera Browser Favicon Displaying Address Bar Spoofing Vulnerability
Platforms Affected:
- Opera Opera Browser 7.50 and prior
Reported:
Jun 03, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net