[NT] Phishing for Opera

From: SecuriTeam (support_at_securiteam.com)
Date: 06/06/04

    To: list@securiteam.com
    Date: 6 Jun 2004 19:10:20 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Phishing for Opera


     <http://www.opera.com/> Opera is "a cross-platform web browser". It is
    possible to use the shortcut icon (favicon) feature of Opera to fool a
    user into thinking he/she is in a trusted domain.


    Vulnerable Systems:
     * Opera browser version 7.50 and prior

    Immune Systems:
     * Opera browser version 7.51

    The problem stems from the fact that Opera accepts shortcut icons far wider
    than the usual favicon size, wide enough for the icon to pass as the address
    bar itself. Because the icon covers the real address, the user may believe
    the browser is pointing at a trusted domain when in fact he/she is viewing
    and interacting with a different, possibly hostile or malicious, domain.

    For this to be exploitable, the icon must look like the address bar
    containing a legitimate address. That alone is not enough, because the real
    address would still be shown to the right of the fake one. Unfortunately,
    this too can be circumvented: Opera can be tricked into displaying the
    right-hand end of the attacking URL, and that end can be padded with spaces
    so nothing visible remains.

    In order to exploit this, create an image that looks like an address in
    Opera's address bar and use the following element to include it in a page:

    <link rel="shortcut icon" href="linkToFakeAddress.gif">
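    As an added defender-side example (not part of the GreyMagic advisory), the check below parses a page for shortcut-icon links and flags icons whose image header declares dimensions out of proportion for a favicon, which is the condition this advisory depends on. The parser, the 32-pixel width threshold and the sample bytes are assumptions constructed for illustration.

```python
import struct
from html.parser import HTMLParser

class IconLinkParser(HTMLParser):
    """Collect href values of <link> elements whose rel names an icon."""
    def __init__(self):
        super().__init__()
        self.icons = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        rel = (a.get("rel") or "").lower().split()
        if "icon" in rel and a.get("href"):
            self.icons.append(a["href"])

def image_size(data):
    """Return (width, height) read from a GIF or PNG header, else None."""
    if data[:6] in (b"GIF87a", b"GIF89a"):
        # GIF logical screen width/height: two little-endian uint16 at offset 6
        return struct.unpack("<HH", data[6:10])
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR":
        # PNG IHDR: width/height as big-endian uint32 at offset 16
        return struct.unpack(">II", data[16:24])
    return None

def suspicious_icon(data, max_width=32):
    """True if the icon is wider than a normal favicon or clearly non-square.

    max_width=32 is an assumed threshold; real favicons are 16 or 32 px wide."""
    size = image_size(data)
    if size is None:
        return False
    w, h = size
    return w > max_width or w > 2 * h

def find_suspicious_icons(html, fetch):
    """fetch(href) -> bytes is supplied by the caller (assumed, not real I/O)."""
    p = IconLinkParser()
    p.feed(html)
    return [href for href in p.icons if suspicious_icon(fetch(href))]

# Constructed samples: a normal 16x16 GIF header and a 400x16 one shaped
# like an address bar, referenced from the link element in the advisory.
NORMAL_GIF = b"GIF89a" + struct.pack("<HH", 16, 16)
WIDE_GIF = b"GIF89a" + struct.pack("<HH", 400, 16)
SAMPLE_HTML = '<head><link rel="shortcut icon" href="linkToFakeAddress.gif"></head>'
```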

    A proof-of-concept is provided for this vulnerability. Point your Opera
    web browser to

    Vendor Status:
    The vendor has been informed and a newer version is available. Users are
    encouraged to upgrade to version 7.51.


    The information has been provided by <mailto:security@greymagic.com>
    GreyMagic Software.
    The original article can be found at:


    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
