NASLDB: Opera < 7.50 onUnload Address Bar Spoofing
General
ID: 14244
Name: Opera < 7.50 onUnload Address Bar Spoofing
Summary: Determines the version of Opera.exe
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: –
Family: Windows
Type: Local
Description
The remote host is using Opera – an alternative web browser.
This version of Opera is vulnerable to a security weakness
that may permit malicious web pages to spoof address bar information.
This is reportedly possible through malicious use of the
JavaScript ‘unOnload’ event handler when the browser
is redirected to another page.
This issue could be exploited to spoof the domain of a malicious web page,
potentially causing the user to trust the spoofed domain.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2004-2260
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2004/05/13
Patch Release: –
Plugin Release: 2004/08/10
Plugin
Version: 1.17
Filename: opera_address_bar_spoofing.nasl
Filesize: 2637 bytes
MD5 Hash: 9f4a9cea9b5dc197b1a22a6ccb087531
Identification: SMB/Opera/Version_UI
Require Keys: SMB/Opera/Version
Dependencies: "opera_installed.nasl"
Copyright: This script is Copyright© 2004-2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack