[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [CAL-2012-0015] opera website spoof
thank cve assign a cve id: CVE-2012-3560 to this.
于 2012/6/14 18:48, Code Audit Labs 写道:
> CAL-2012-0015 opera website spoof
> CVE ID: Opera did not assign ,please cve@xxxxxxxxx assign
> CAL ID: CAL-2012-0015
> 1 Affected Products
> 11.61 and prior
> 2 Vulnerability Details
> Code Audit Labs http://www.vulnhunt.com has discovered a website
> spoof vulnerability in Opera .When a user types a new URL for the
> browser to load, the currently active page may detect when the
> new page is about to load and prevent the navigation, while still
> leaving the new URL displayed in the address bar. This can then be
> used to spoof the URL of the target page. The malicious page would
> need to employ social engineering tactics in order to guess what
> page the user is likely to try to load next, as it cannot see what
> URL the user has typed.
> 3: how to fixed
> Opera Software has released Opera 12 and Opera 11.65,
> where this issue has been fixed.
> 4 About Code Audit Labs:
> Code Audit Labs secure your software,provide Professional include source
> code audit and binary code audit service.
> Code Audit Labs:” You create value for customer,We protect your value”