FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- "data:" URI handler spoofing vulnerability

Affected packages
linux-opera < 7.54.20050131
opera < 7.54.20050131
opera-devel < 7.54.20050131

Details

VuXML ID 20c9bb14-81e6-11d9-a9e7-0001020eed82
Discovery 2005-01-12
Entry 2005-02-18

A Secunia Advisory reports:

Michael Holzt has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files.

The vulnerability is caused due to an error in the processing of "data:" URIs, causing wrong information to be shown in a download dialog. This can be exploited by e.g. a malicious website to trick users into executing a malicious file by supplying a specially crafted "data:" URI.

[source]

References

CERT/CC Vulnerability Note 882926
CVE Name CVE-2005-0456
URL http://secunia.com/advisories/13818/
URL http://www.opera.com/freebsd/changelogs/754u2/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.