Opera SSL Certificate "Stealing" Weakness
Secunia Advisory: SA19480
Release Date: 2006-06-28
Critical: Not critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: Opera 8.x
Description:
Secunia Research has discovered a weakness in Opera, which can be
exploited to display the SSL certificate from a trusted site on an
untrusted site.
The weakness is caused by Opera not resetting the SSL security bar
after displaying a download dialog from an SSL-enabled web site. This
allows an untrusted web site to display the yellow SSL security bar
from a trusted web site.
NOTE: A more convincing exploit can be done using pop-up windows, which
do not have a visible address bar.
The weakness has been confirmed in Opera 8.54. Prior versions may also
be affected.
Solution:
Upgrade to version 9.0.
Provided and/or discovered by:
Jakob Balle, Secunia Research.
Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2006-49/
============= PCWorks Mailing List =================