Title: Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
Severity: MODERATE
Description:
Opera is a Web browser available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.
The issue presents itself when an attacker creates an HTML form with the submit 'href' or 'title' properties set to a legitimate site and the 'action' property set to the attacker-specified site. This could aid in exploitation of other known browser vulnerabilities as the attacker now has a means to surreptitiously lure a victim user to a malicious site.
This vulnerability would most likely be exploited through HTML e-mail, though other attack vectors exist such as HTML injection attacks in third-party Web applications.
Affected Products:
- Opera Software Opera Web Browser 8.0.0
- Opera Software Opera Web Browser 8.0.0 1
- Opera Software Opera Web Browser 8.0.0 2
- Opera Software Opera Web Browser 8.50.0
References:
- Opera Software: Opera Web Browser Home Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
