lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4FDD1F4F.8000800@gmail.com>
Date: Sun, 17 Jun 2012 08:05:35 +0800
From: Code Audit Labs <vulnhunt@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [CAL-2012-0015] opera website spoof

thank cve assign a cve id: CVE-2012-3560 to this.

于 2012/6/14 18:48, Code Audit Labs 写道:
>      CAL-2012-0015 opera website spoof
> 
> 
> CVE ID: Opera did not assign ,please cve@...re.org assign
> CAL ID: CAL-2012-0015
> ref:
> http://blog.vulnhunt.com/index.php/2012/06/14/cal-2012-0015-opera-website-spoof/
> 
> 
> 1 Affected Products
> =================
> 11.61 and prior
> 
> 
> 2 Vulnerability Details
> =====================
> 
> Code Audit Labs http://www.vulnhunt.com has discovered a website
> spoof vulnerability in Opera .When a user types a new URL for the
> browser to load, the currently active page may detect when the
> new page is about to load and prevent the navigation, while still
> leaving the new URL displayed in the address bar. This can then be
> used to spoof the URL of the target page. The malicious page would
> need to employ social engineering tactics in order to guess what
> page the user is likely to try to load next, as it cannot see what
>  URL the user has typed.
> 
> 
> 3: how to fixed
> ==========
> Opera Software has released Opera 12 and Opera 11.65,
> where this issue has been fixed.
> http://www.opera.com/support/kb/view/1022/
> 
> 
> 4 About Code Audit Labs:
> =====================
> Code Audit Labs secure your software,provide Professional include source
> code audit and binary code audit service.
> Code Audit Labs:” You create value for customer,We protect your value”
> 
> http://www.VulnHunt.com
> http://blog.Vulnhunt.com
> http://t.qq.com/vulnhunt
> http://weibo.com/vulnhunt
> https://twitter.com/vulnhunt
> 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ