Secunia Research: Opera SSL Certificate "Stealing" Weakness

======================================================================

                     Secunia Research 28/06/2006

            - Opera SSL Certificate "Stealing" Weakness -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

Opera 8.54

Prior versions may also be affected.

======================================================================
2) Severity

Rating: Not critical
Impact: Spoofing
Where:  From remote

======================================================================
3) Description of Vulnerabilities

Secunia Research has discovered a weakness in Opera, which can be
exploited to display the SSL certificate from a trusted site on an
untrusted site.

The weakness is caused due to Opera not resetting the SSL security
bar after displaying a download dialog from a SSL enabled web site.
This allows an untrusted web site to display yellow SSL security bar
from a trusted web site.

NOTE: A more convincing exploit can be done using pop-up windows,
which do not have a visible address bar.

======================================================================
4) Solution

Upgrade to version 9.0.

======================================================================
5) Time Table

31/03/2006 - Initial vendor notification.
28/06/2006 - Public disclosure.

======================================================================
6) Credits

Discovered by Jakob Balle, Secunia Research.

======================================================================
7) References

No references available.

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-49/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================