Opera 18 (Mac OS X) spoof the address bar

2014.02.10
Credit: 0pera
Risk: Low
Local: No
Remote: Yes
CWE: CWE-noinfo


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Opera 19 has now been put through its paces on the Developer and Next channels, and is now out on the Stable channel. Opera 19 for Android has also recently been released.

New features

As with every release, each new feature goes through extensive testing, and that includes a security review. Changes to existing features are also tested in this way. The security review makes sure that there are no negative security implications of the new feature. Even seemingly unimportant features get this attention. For example, the Bookmarks bar (which can be turned on in the settings) has received a series of improvements. It was also reviewed to make sure it cannot be abused. It may not at first seem like a feature open for abuse, but it includes a warning when bookmarklets are dropped onto it, so that the user realises what they are dropping. While this would not be directly exploitable (it would require a user to comply with several manual steps before the bookmarklet could be used on a target site), we consider this to be a layer of protection for users.

Security issue fixes

The following security issue was fixed in Opera 19:

DNA-14173; Low severity: Address bar spoofing on Mac platform with drag and drop, reported by Jordi Chancel

Other privacy or security-related fixes and changes

A couple of low-impact privacy bugs also got fixed in Opera for desktop, such as the zoom state of websites not being reset when clearing browsing data. These can be seen in the changelog. Such bugs cannot be abused by a remote attacker, so they are not actively exploitable.

Opera on Android has some support for the "intent:" protocol, which allows it to interact with functionality provided by other locally installed products. This capability was reduced in Opera 18 for Android to prevent it from interacting with certain products. Recently, Takeshi Terada of Mitsui Bussan Secure Directions Inc. discovered a way to abuse the intent: protocol in Opera versions prior to Opera 18 for Android (JPCERT CVE-2014-0815). The interaction between two products could be used to reveal the contents of local data files such as the Opera cookie store. Although this is already prevented in Opera 18 for Android, we have now added extra restrictions in Opera 19, to prevent any further possibly unwanted product interactions.

References:

http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/


Copyright 2024, cxsecurity.com