Description: Eric Johanson has reported a security issue in Opera, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar. The problem is caused due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names. This can be exploited by registering domain names with certain international characters that resembles other commonly used characters, thereby causing the user to believe they are on a trusted site. Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_idn_spoofing_test/ The issue has been confirmed in Opera versions 7.54u1 and 7.54u2. Other versions may also be affected. Solution: Don't follow links from untrusted sources. Manually type the URL in the address bar.
8.0b2 "fixes" this, waiting for a final release.
I suppose this could be another workaround for certain sites. Have the wand enabled and a password saved for sites. If you go to a site that appears to be the same but see no yellow hilighting, leave the site.
8.0 is unleashed.
opera-8.00 is now in portage, but i'm against marking it stable, because it's a quite big step from 7.54
Heinrich how do you want to proceed? This bug is rather minor, we could perhaps keep it in ~ for a week and then call arches?
Yes, sounds good
Let's see if we can complete this one. x86, sparc, amd64: please test and mark stable if you can...
stable on amd64
Stable on SPARC.
lanius/tester please mark x86.
finally got time to test it on x86
Thanks Heinrich Ready for GLSA vote, my opinion on IDN things is that they should be handled at registrar level, so I vote NO (and I don't think we did a GLSA for Mozilla on those things)
I agree on NO GLSA -> closing. Feel free to reopen if you disagree.
