[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4FDD1F4F.8000800@gmail.com>
Date: Sun, 17 Jun 2012 08:05:35 +0800
From: Code Audit Labs <vulnhunt@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [CAL-2012-0015] opera website spoof
thank cve assign a cve id: CVE-2012-3560 to this.
于 2012/6/14 18:48, Code Audit Labs 写道:
> CAL-2012-0015 opera website spoof
>
>
> CVE ID: Opera did not assign ,please cve@...re.org assign
> CAL ID: CAL-2012-0015
> ref:
> http://blog.vulnhunt.com/index.php/2012/06/14/cal-2012-0015-opera-website-spoof/
>
>
> 1 Affected Products
> =================
> 11.61 and prior
>
>
> 2 Vulnerability Details
> =====================
>
> Code Audit Labs http://www.vulnhunt.com has discovered a website
> spoof vulnerability in Opera .When a user types a new URL for the
> browser to load, the currently active page may detect when the
> new page is about to load and prevent the navigation, while still
> leaving the new URL displayed in the address bar. This can then be
> used to spoof the URL of the target page. The malicious page would
> need to employ social engineering tactics in order to guess what
> page the user is likely to try to load next, as it cannot see what
> URL the user has typed.
>
>
> 3: how to fixed
> ==========
> Opera Software has released Opera 12 and Opera 11.65,
> where this issue has been fixed.
> http://www.opera.com/support/kb/view/1022/
>
>
> 4 About Code Audit Labs:
> =====================
> Code Audit Labs secure your software,provide Professional include source
> code audit and binary code audit service.
> Code Audit Labs:” You create value for customer,We protect your value”
>
> http://www.VulnHunt.com
> http://blog.Vulnhunt.com
> http://t.qq.com/vulnhunt
> http://weibo.com/vulnhunt
> https://twitter.com/vulnhunt
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists