Advisory: Overlapping content can trick users into executing downloads
UPDATE Link: http://www.opera.com/fr/security/advisory/1011
Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Fixed in: Opera 11.62
Dialogs such as the download dialog are usually displayed on top of page content, to ensure that the user knows that the dialog is requesting attention. In some cases, this policy was not implemented correctly in Opera, allowing certain page content to overlay the dialog. In these cases, clicking the page content causes the dialog to be clicked instead. While an attacker may not have much control over the appearance of the overlapping content, they may be able to use it to trick the user into performing harmful actions, such as running a downloaded executable.
Opera Software has released Opera 11.62, where this issue has been fixed.
Thanks to Jordi Chancel for reporting this issue to Opera Software.
- Demonstration video:
- Security Researcher Jordi Chancel