[CVE-2012-3558] Carefully timed reloads, redirects, and navigation can spoof the address field


Advisory: Carefully timed reloads, redirects, and navigation can spoof the address field


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3558


UPDATE Link: http://www.opera.com/fr/security/advisory/1018


Announced: June 12, 2012
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 12 and Opera 11.65


Description

The address field should always show the address of the page that is being displayed. Certain types of navigation, combined with reloads and redirects to a slowly responding target site, can cause the address field to show the target site’s address while the attacking site is still being displayed.

Opera’s Response

Opera Software has released Opera 12 and Opera 11.65, where this issue has been fixed.


Credits

Thanks to Jordi Chancel for reporting this issue to Opera Software.


  • Demonstration video:


-Security Researcher Jordi Chancel
