J-Security Center

Title: Opera Web Browser IFrame OnLoad Address Bar URL Obfuscation Weakness

Severity: MODERATE

Description:

Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information.

The problem is reported to present itself due to a race condition that is exploited when an unsuspecting user loads a malicious HTML document. Apparently, an iframe embedded in a web page, with a JavaScript 'onload' handler that specifies the 'location.href' parameter as the spoofed URI, may allow an attacker to manipulate what is displayed in the address bar of the affected web browser.

It is currently not known if this issue is related to the Opera Web Browser Address Bar Spoofing Weakness reported in BID 10337. As more information becomes available this BID will be updated.

This issue may be leveraged by an attacker to display false information in the address bar of an unsuspecting user, allowing the attacker to present web pages that seem to be derived from a trusted location. This may facilitate phishing attacks, that is, attempted theft of user information for the purpose of identity theft.

This issue is reported to affect Opera Web Browser version 7.52; it is likely that other versions are affected as well.
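
As an added example (not part of the original advisory or of any vendor tooling), a content scanner on a proxy or mail gateway can flag markup with the shape described above: an iframe whose inline 'onload' handler assigns 'location.href'. The regular expression, the function and class names, and the sample pages are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic for this example (not a vendor signature): an assignment to
# location.href, optionally reached through window/top/parent/self/document.
NAV_ASSIGN = re.compile(
    r"(?:\b(?:window|top|parent|self|document)\s*\.\s*)?\blocation\s*\.\s*href\s*=(?!=)",
    re.IGNORECASE,
)


class IframeOnloadScanner(HTMLParser):
    """Collects iframes whose inline onload handler assigns location.href."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        # HTMLParser lowercases names and decodes character references in values.
        attr = {k: (v or "") for k, v in attrs}
        handler = attr.get("onload", "")
        if NAV_ASSIGN.search(handler):
            line, _col = self.getpos()
            self.findings.append({"line": line, "src": attr.get("src", ""), "onload": handler})


def scan_html(markup):
    """Return one finding per suspicious iframe in the given HTML text."""
    scanner = IframeOnloadScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample markup with placeholder hosts; not taken from the advisory.
SAMPLE_SUSPECT = """<html><body>
<iframe src="http://trusted.example/" onload="location.href='http://trusted.example/login'"></iframe>
</body></html>"""

SAMPLE_BENIGN = """<html><body>
<iframe src="/widget.html" onload="resizeFrame(this)"></iframe>
<iframe src="/a.html" onload="if (location.href == expected) { ready(); }"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_SUSPECT) + scan_html(SAMPLE_BENIGN):
        print(finding)
```

The check only covers inline handlers; a handler attached from a separate script would need script analysis, so a hit here is a triage signal rather than a verdict.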

Affected Products:

  • Opera Software Opera Web Browser 7.50.0
  • Opera Software Opera Web Browser 7.51.0
  • Opera Software Opera Web Browser 7.52.0
