Advisory: Carefully timed reloads and redirects can spoof the address field
UPDATE Link: http://www.opera.com/fr/security/advisory/1014
Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Fixed in: Opera 11.62
The address field should always show the address of the page that is being displayed. In certain cases, if a target site responds slowly, reloading an attacking page and redirecting to the target page can cause the address field to show the target site’s address, while the attacking site is still being displayed.
Opera Software has released Opera 11.62, where this issue has been fixed.
Thanks to Jordi Chancel for reporting this issue to Opera Software.
- Demonstration video:
- Security researcher Jordi Chancel