Archive for janvier 2014

[CVE-2014-1870] Address bar spoofing on Mac platform with drag and drop


Advisory: Address bar spoofing on Mac platform with drag and drop


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1870


UPDATE Link: http://www.opera.com/blogs/security/2014/01/security-changes-features-opera-19/


Announced: January 31, 2014
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 19


Description

Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.

Opera’s Response

Opera Software has released Opera 19, where this issue has been fixed.


Credits

Reported by Jordi Chancel.


  • Vidéo de démonstration :


-Security Researcher Jordi Chancel