[NT] Phishing for Opera
From: SecuriTeam (support_at_securiteam.com)
Date: 06/06/04
To: list@securiteam.com Date: 6 Jun 2004 19:10:20 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Phishing for Opera
------------------------------------------------------------------------
SUMMARY
Opera (http://www.opera.com/) is "a cross-platform web browser". It is
possible to use the shortcut icon (favicon) feature of Opera to fool a
user into thinking he/she is in a trusted domain.
DETAILS
Vulnerable Systems:
* Opera browser version 7.50 and prior
Immune Systems:
* Opera browser version 7.51
The problem stems from the fact that Opera allows shortcut icons wider than
normal, wide enough for the icon to look like the address bar itself. Since
the icon hides the real address, the user may believe the browser is
pointing to a trusted domain when it is in fact viewing and interacting with
a different, hostile or malicious domain.
For this problem to be exploitable, the icon must look like the address bar
containing a proper address. That alone is not enough, because the real
address would still be shown to the right of the fake one. Unfortunately,
this too can be circumvented by tricking Opera into showing the right-hand
end of the attacking URL, with that end padded with spaces.
In order to exploit this, create an image that looks like an address in
Opera's address bar and use the following element to include it in a page:
<link rel="shortcut icon" href="linkToFakeAddress.gif">
A proof-of-concept is provided for this vulnerability. Point your Opera
web browser to
http://security.greymagic.com/security/advisories/gm007-op/
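As an added, defender-side example (not part of this advisory or of GreyMagic's proof-of-concept): a Python check that pulls the shortcut-icon links out of a page and flags icons whose declared size is far from favicon proportions, which is the property the spoof depends on. The 32-pixel threshold, the fetch callback and the sample GIF headers are constructed assumptions; ICO files are not parsed and are simply reported as unrecognised.

```python
import struct
from html.parser import HTMLParser

# Assumption: favicons are at most 32 px wide; wider, or much wider than tall, can mimic an address bar.
MAX_NORMAL_WIDTH = 32

class IconLinkParser(HTMLParser):
    """Collect href values of <link rel="shortcut icon"> and <link rel="icon">."""
    def __init__(self):
        super().__init__()
        self.icon_hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = dict(attrs)
        rel = (attr.get("rel") or "").lower().split()
        if "icon" in rel and attr.get("href"):
            self.icon_hrefs.append(attr["href"])

def image_dimensions(data):
    """Read (width, height) from a GIF or PNG header; None for other formats."""
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return struct.unpack("<HH", data[6:10])   # GIF logical screen size
    if data[:8] == b"\x89PNG\r\n\x1a\n" and len(data) >= 24:
        return struct.unpack(">II", data[16:24])  # PNG IHDR width, height
    return None

def suspicious_icons(html, fetch):
    """Return (href, reason) for icons that could overdraw the address bar.
    fetch(href) is a hypothetical callback returning the icon bytes."""
    parser = IconLinkParser()
    parser.feed(html)
    findings = []
    for href in parser.icon_hrefs:
        dims = image_dimensions(fetch(href))
        if dims is None:
            findings.append((href, "unrecognised image format"))
        elif dims[0] > MAX_NORMAL_WIDTH or dims[0] > 2 * dims[1]:
            findings.append((href, "%dx%d pixels" % dims))
    return findings

def gif_header(width, height):
    """Constructed minimal GIF header with the given logical screen size."""
    return b"GIF89a" + struct.pack("<HH", width, height) + b"\x00\x00\x00"

# Constructed sample page and icons: one icon shaped like an address bar, one normal.
SAMPLE_ICONS = {"fake-address.gif": gif_header(400, 16), "normal.gif": gif_header(16, 16)}
SAMPLE_HTML = '<html><head><link rel="shortcut icon" href="fake-address.gif"><link rel="icon" href="normal.gif"></head></html>'
```

Running suspicious_icons(SAMPLE_HTML, SAMPLE_ICONS.__getitem__) reports only fake-address.gif, as 400x16 pixels.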
Vendor Status:
The vendor has been informed and a newer version is available. Users are
encouraged to upgrade to version 7.51.
ADDITIONAL INFORMATION
The information has been provided by GreyMagic Software
(security@greymagic.com).
The original article can be found at:
http://www.greymagic.com/security/advisories/gm007-op/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.