Opera favicon.ico Address Bar Spoofing

2004-06-03T05:29:19
ID OSVDB:6590
Type osvdb
Reporter Grey Magic Software(), Tom Gilder()
Modified 2004-06-03T05:29:19

Description

Vulnerability Description

Opera Web Browser contains a flaw that may allow a malicious user to spoof a trusted web site. The issue is triggered when a favicon.ico image is crafted to resemble the text of a trusted web site address. It is possible that the flaw may allow impersonation of a trusted web site resulting in a loss of integrity.

Solution Description

Upgrade to version 7.51 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Opera Web Browser contains a flaw that may allow a malicious user to spoof a trusted web site. The issue is triggered when a favicon.ico image is crafted to resemble the text of a trusted web site address. It is possible that the flaw may allow impersonation of a trusted web site resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Secunia Advisory ID:11762 Other Advisory URL: http://www.greymagic.com/security/advisories/gm007-op/ Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=108626969215914&w=2 Keyword: GM#007-OP CVE-2004-0537