Jordi Chancel Research & Analysis Blog

Recherche et Exploitation de Vulnérabilités des Navigateurs Web

• Recherche en vulnérabilité informatique

[Opera Security Advisory DNA-19280] Address bar spoofing with Data URIs

6 mai 2014 admin Non classé Commentaires fermés sur [Opera Security Advisory DNA-19280] Address bar spoofing with Data URIs

---

Advisory: Address bar spoofing with Data URIs

---

UPDATE Link: http://www.opera.com/blogs/security/2014/05/security-changes-opera-21/

---

Announced: May 6, 2014
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 21

---

Description

When a user chooses to open a link in a new tab, this should still display the address as normal. However, with Data URIs, Opera would accidentally right-align the address field, showing the wrong end of the address. Again, this could allow a specially crafted URL to show what appeared to be a domain name, but which was actually path data. As with the previous bug, it would be missing the domain highlight, but may be enough to fool some users.

Opera’s Response

Opera Software has released Opera 21, where this issue has been fixed.

---

Credits

Reported by Jordi Chancel.

---

• Vidéo de démonstration :

-Security Researcher Jordi Chancel

Comments are closed.

• Rechercher :

• Articles récents

  • [CVE-2017-7770] Addressbar spoofing with JavaScript events and fullscreen mode on Firefox for Android
  • [CVE-2017-5451] Addressbar spoofing with onblur event
  • [CVE-2017-5452] Addressbar spoofing during scrolling with editable content on Firefox for Android
  • [CVE-2017-5041] Google Chrome Location Bar URL & SSL Spoofing in Omnibox
  • [CVE-2017-5394] Android location bar spoofing using fullscreen and JavaScript events
  • [CVE-2017-5395] Android location bar spoofing during scrolling
  • [CVE-2016-5298] SSL indicator can mislead the user about the real URL visited
  • [CVE-2016-2822] Addressbar spoofing though the SELECT element
  • [CVE-2016-1967] Same-origin policy violation using perfomance.getEntries and history navigation with session restore
  • [CVE-2016-1941] Delay following click events in file download dialog too short on OS X
  • [CVE-2016-1943] Location Bar Spoofing Risk – scrollto leads to that the location bar is hidden
  • [CVE-2016-1942] Location bar continues displaying wyciwyg URI and resource URI if user tries to navigate to it manually
  • [CVE 2015-7186] Reading sensitive profile files through local HTML file on Android
  • [CVE 2015-7185] Firefox for Android addressbar can be removed after fullscreen mode
  • [CVE 2015-4476] Site attribute spoofing on Android by pasting URL with unknown scheme
  • [CVE 2015-0810] Cursor clickjacking with flash and images
  • [CVE 2014-1539] Clickjacking through cursor invisibility after Flash interaction
  • [Opera Security Advisory DNA-19280] Address bar spoofing with Data URIs
  • [Opera Security Advisory DNA-18345] Address bar spoofing with downloads
  • [CVE 2014-1480] UI selection timeout missing on download prompts
  • [CVE-2014-1870] Address bar spoofing on Mac platform with drag and drop
  • [CVE 2013-5593] Spoofing addressbar though SELECT element
  • [CVE 2012-4200] Location Bar URL and SSL Spoofing
  • [CVE 2012-3984] SELECT element persistance allows for attacks
  • [CVE-2012-6460] Truncated dialogs may be used to trick users
  • [CVE-2012-4143] Small windows can be used in several ways to trick users into executing downloads
  • [CVE-2012-3558] Carefully timed reloads, redirects, and navigation can spoof the address field
  • [CVE-2012-3556] A combination of clicks and key presses can lead to cross site scripting or code execution
  • [CVE-2012-3555] Hidden keyboard navigation can allow cross site scripting or code execution
  • [CVE 2012-0474] Page load short-circuit can lead to XSS
  • [CVE-2012-1925] Overlapping content can trick users into executing downloads
  • [CVE-2012-1924] Small windows can be used to trick users into executing downloads
  • [CVE-2012-1928] Carefully timed reloads and redirects can spoof the address field
  • [CVE-2011-2845] URL bar spoof in history handling (URL & SSL indicator Spoofing)
  • [CVE-2011-3875] URL bar spoof with drag+drop of URLs
  • [CVE-2011-2848] URL bar spoof with forward button / Possible URL Bar Spoofing when history.forward() is ignored using forward button
  • [CVE 2011-2377] Memory corruption due to multipart/x-mixed-replace images
  • [CVE-2011-1452] URL bar spoof with redirect and manual reload / URL Bar Spoofing using redirection and location.reload()
  • [CVE 2011-0061] Buffer OverFlow/Crash caused by corrupted JPEG image
  • [CVE-2011-1107] Google Chrome Location Bar URL/SSL Spoofing And Login/Password stealing
  • [CVE-2011-0682] Large form inputs can allow execution of arbitrary code
  • [CVE 2010-4045] Opera 10.62 Reloads and redirects can allow spoofing, universal cross site scripting and Command/code Execution
  • [CVE 2010-2751] SSL spoofing with history.back() and history.forward()
  • [CVE-2010-1663] Google Chrome Cross Origin Bypass in Google URL (GURL)
  • [CVE 2009-3985] URL spoofing via invalid document.location

• Commentaires récents

  • Maor Shwartz dans Recherche en vulnérabilité informatique

• Archives

  • juin 2017
  • avril 2017
  • mars 2017
  • janvier 2017
  • novembre 2016
  • juin 2016
  • mars 2016
  • janvier 2016
  • novembre 2015
  • septembre 2015
  • mars 2015
  • juin 2014
  • mai 2014
  • février 2014
  • janvier 2014
  • octobre 2013
  • novembre 2012
  • octobre 2012
  • août 2012
  • juin 2012
  • avril 2012
  • mars 2012
  • octobre 2011
  • septembre 2011
  • juin 2011
  • avril 2011
  • mars 2011
  • février 2011
  • janvier 2011
  • octobre 2010
  • juillet 2010
  • avril 2010
  • décembre 2009

• Catégories

  • Non classé

• Méta

  • Connexion
  • Flux RSS des articles
  • RSS des commentaires
  • Site de WordPress-FR