Secunia Research: Opera Browser Address Bar Spoofing Vulnerability

======================================================================

                     Secunia Research 13/05/2003

                - Opera Browser Address Bar Spoofing -

======================================================================
Table of Contents
1....................................................Affected Software
2.............................................................Severity
3...............................................................Vendor
4.........................................Description of Vulnerability
5.............................................................Solution
6...........................................................Time Table
7..............................................................Credits
8........................................................About Secunia
9.........................................................Verification

======================================================================
1) Affected Software

Opera Browser 7.23 for Windows and Linux. Prior versions may also be
affected.

======================================================================
2) Severity

Rating:  Less Critical
Impact:  ID Spoofing
Where:   From remote

======================================================================
3) Vendor

Opera Software

Website:
http://www.opera.com/

======================================================================
4) Description of Vulnerability

The vulnerability is caused by the Opera browser changing the
Address Bar as soon as the browser is "asked" to redirect to a new
page. However, using e.g. the BODY tag attribute "onUnload", it is
possible to abort the redirection without the address bar being
changed back.

This can be exploited by a malicious website to change the information
displayed in the Address Bar without leaving the page, so the page
shown still contains data from the malicious website.
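
The ordering flaw described above can be modelled as follows. This is
an added example, not code from Secunia or Opera: the Tab class, its
field names and the .example URLs are hypothetical, and the
"update at commit" ordering is an illustrative safe design, not a
description of how version 7.50 was fixed.

```javascript
// Simplified model of a browser tab (constructed for illustration).
// committedUrl: URL of the document actually rendered.
// addressBar:   URL shown to the user.
class Tab {
  constructor(url, { updateOnRequest }) {
    this.committedUrl = url;
    this.addressBar = url;
    this.updateOnRequest = updateOnRequest; // true models the flawed ordering
    this.onUnload = null; // page-supplied handler; returning false models an aborted redirect
  }

  navigate(target) {
    // Flawed ordering: the bar changes as soon as the redirect is requested.
    if (this.updateOnRequest) this.addressBar = target;

    // The current page's unload handler runs before the new page loads.
    const aborted = this.onUnload ? this.onUnload() === false : false;
    if (aborted) return false; // old document stays; nothing restores the bar

    // Navigation commits: the new document replaces the old one.
    this.committedUrl = target;
    this.addressBar = target; // safe ordering: the bar follows the commit
    return true;
  }

  // Invariant the user relies on: the bar names the document being shown.
  isConsistent() {
    return this.addressBar === this.committedUrl;
  }
}

// Runs one aborted redirect and reports what the user sees versus what is loaded.
function run(updateOnRequest) {
  const tab = new Tab("http://site-a.example/", { updateOnRequest });
  tab.onUnload = () => false; // the page aborts the redirect
  tab.navigate("http://site-b.example/");
  return { bar: tab.addressBar, doc: tab.committedUrl, consistent: tab.isConsistent() };
}
```

With updateOnRequest set to true the bar and the rendered document
disagree after the aborted redirect; with it set to false they stay in
step.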

======================================================================
5) Solution

Update to version 7.50

======================================================================
6) Time Table

03/05/2004 - Vulnerability discovered.
03/05/2004 - Vendor informed.
13/05/2004 - Public Disclosure.

======================================================================
7) Credits

Discovered by Jakob Balle, Secunia Research.

======================================================================
8) About Secunia

Secunia collects, validates, assesses and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website: 

http://secunia.com/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2004-2/

======================================================================