Archive for May 2014

[Opera Security Advisory DNA-19280] Address bar spoofing with Data URIs


Advisory: Address bar spoofing with Data URIs


UPDATE Link: http://www.opera.com/blogs/security/2014/05/security-changes-opera-21/


Announced: May 6, 2014
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 21


Description

When a user chooses to open a link in a new tab, this should still display the address as normal. However, with Data URIs, Opera would accidentally right-align the address field, showing the wrong end of the address. Again, this could allow a specially crafted URL to show what appeared to be a domain name, but which was actually path data. As with the previous bug, it would be missing the domain highlight, but may be enough to fool some users.

Opera’s Response

Opera Software has released Opera 21, where this issue has been fixed.


Credits

Reported by Jordi Chancel.


  • Demonstration video:


-Security Researcher Jordi Chancel

[Opera Security Advisory DNA-18345] Address bar spoofing with downloads


Advisory: Address bar spoofing with downloads


UPDATE Link: http://www.opera.com/blogs/security/2014/05/security-changes-opera-21/


Announced: May 6, 2014
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 21


Description

This unrelated bug only occurred when the user dragged and dropped a URL into the address bar, which started a download. The address bar would then be right-aligned, showing the wrong end of the address. This could allow a specially crafted URL to show what appeared to be a domain name, but which was actually path data. It would be missing the domain highlight, but may be enough to fool some users.
Simultaneously, it would leave the address bar in edit state, showing the download address instead of the address of the currently displayed page. Since the user may not realise that they had changed the address and put the address bar into edit state, we have now changed this to show the address of the displayed page. We’ll go into more details about this issue in a future blog post.

Opera’s Response

Opera Software has released Opera 21, where this issue has been fixed.


Credits

Reported by Jordi Chancel.
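
Both advisories above describe the same display failure: a right-aligned address field shows the tail of the address instead of its origin. The following JavaScript is an added example, not Opera's code, that contrasts that view with a left-anchored one and checks whether the real origin is still visible; the function names and the sample addresses are constructed for illustration.

```javascript
// Added example; all names and sample addresses below are constructed.
const DOWNLOAD_URL = "http://files.example.net/pub/archive/2014/www.example.com";
const DATA_URI = "data:text/plain,constructed-sample-padding/www.example.com";

// Buggy behaviour from the advisories: a right-aligned field keeps the END
// of an over-long address, so path data is all the user sees.
function rightAlignedView(address, width) {
  return address.length <= width ? address : address.slice(-width);
}

// Left-anchored behaviour: keep the START and elide the tail.
function leftAnchoredView(address, width) {
  return address.length <= width ? address : address.slice(0, width - 1) + "…";
}

// The part that must stay visible: scheme plus host, or just the scheme for
// host-less addresses such as data: URIs.
function originPrefix(address) {
  const u = new URL(address);
  return u.host ? `${u.protocol}//${u.host}` : u.protocol;
}

// True when the text shown to the user no longer starts with the real origin.
function viewHidesOrigin(address, visible) {
  return !visible.startsWith(originPrefix(address));
}

// Compare both views for each constructed address.
for (const address of [DOWNLOAD_URL, DATA_URI]) {
  const bad = rightAlignedView(address, 15);
  const good = leftAnchoredView(address, 30);
  console.log(JSON.stringify(bad), "hides origin:", viewHidesOrigin(address, bad));
  console.log(JSON.stringify(good), "hides origin:", viewHidesOrigin(address, good));
}
```

A check like `viewHidesOrigin` fits naturally into a UI regression test for any address field that truncates long addresses.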