March 2012

[CVE-2012-1925] Overlapping content can trick users into executing downloads

Advisory: Overlapping content can trick users into executing downloads
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1925
UPDATE Link: http://www.opera.com/fr/security/advisory/1011
Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Impact: High
Products: Opera
Fixed in: Opera 11.62

Description

Dialogs such as the download dialog are usually displayed on top of page content, to ensure that the user knows that the dialog is requesting attention. In some cases, this policy was not implemented correctly in Opera, allowing

[CVE-2012-1924] Small windows can be used to trick users into executing downloads

Advisory: Small windows can be used to trick users into executing downloads
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1924
UPDATE Link: http://www.opera.com/fr/security/advisory/1010
Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Impact: High
Products: Opera
Fixed in: Opera 11.62

Description

When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user

[CVE-2012-1928] Carefully timed reloads and redirects can spoof the address field

Advisory: Carefully timed reloads and redirects can spoof the address field
CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1928
UPDATE Link: http://www.opera.com/fr/security/advisory/1014
Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 11.62

Description

The address field should always show the address of the page that is being displayed. In certain cases, if a target site responds slowly, reloading an attacking page and redirecting to the target page can cause