Advisory: Address bar spoofing with Data URIs
UPDATE Link: http://www.opera.com/blogs/security/2014/05/security-changes-opera-21/
Announced: May 6, 2014
Reporter: Security researcher Jordi Chancel
Fixed in: Opera 21
When a user chooses to open a link in a new tab, the address field should still display the address as normal. However, with Data URIs, Opera would accidentally right-align the address field, showing the wrong end of the address. Again, this could allow a specially crafted URL to show what appeared to be a domain name but was actually path data. As with the previous bug, the domain highlight would be missing, but the result may be enough to fool some users.
Opera Software has released Opera 21, where this issue has been fixed.
Reported by Jordi Chancel.
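The display failure described above, modelled as an added example (not Opera's code and not part of the original advisory): a fixed-width address field is simulated with left and right alignment, and a check flags the case where the visible slice hides the scheme yet contains text that reads like a domain name. The function names, the field width and the sample URL are assumptions constructed for the illustration.

```javascript
// Added illustration, not Opera's code. All names and values are constructed.

// Constructed sample: a long data: URI whose tail reads like a hostname.
const SAMPLE =
  "data:text/html;charset=utf-8," + "A".repeat(80) + "/www.example.com";

// Matches text a reader would take for a domain name.
const HOSTLIKE = /(?:[a-z0-9-]+\.)+[a-z]{2,}/i;

// Return the part of `url` that a field `width` characters wide would show.
// "left" keeps the start of the URL, "right" keeps the end.
function visibleSlice(url, width, align) {
  if (url.length <= width) return url;
  return align === "right"
    ? url.slice(url.length - width)
    : url.slice(0, width);
}

// Describe what the user sees and whether it is misleading: the scheme is
// out of view while the visible text contains something hostname-like.
function assessDisplay(url, width, align) {
  const shown = visibleSlice(url, width, align);
  const scheme = url.slice(0, url.indexOf(":") + 1).toLowerCase();
  const schemeVisible =
    scheme !== "" && shown.toLowerCase().startsWith(scheme);
  const match = HOSTLIKE.exec(shown);
  const hostLike = match ? match[0] : null;
  return {
    shown,
    schemeVisible,
    hostLike,
    misleading: !schemeVisible && hostLike !== null,
  };
}

for (const align of ["left", "right"]) {
  console.log(align, JSON.stringify(assessDisplay(SAMPLE, 24, align)));
}
```

With the field anchored at the start of the URL, the `data:` scheme stays in view and the check passes; anchored at the end, only the hostname-like path data is visible.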
- Demonstration video:
-Security Researcher Jordi Chancel