thank cve assign a cve id: CVE-2012-3560 to this. 于 2012/6/14 18:48, Code Audit Labs 写道: > CAL-2012-0015 opera website spoof > > > CVE ID: Opera did not assign ,please cve@xxxxxxxxx assign > CAL ID: CAL-2012-0015 > ref: > http://blog.vulnhunt.com/index.php/2012/06/14/cal-2012-0015-opera-website-spoof/ > > > 1 Affected Products > ================= > 11.61 and prior > > > 2 Vulnerability Details > ===================== > > Code Audit Labs http://www.vulnhunt.com has discovered a website > spoof vulnerability in Opera .When a user types a new URL for the > browser to load, the currently active page may detect when the > new page is about to load and prevent the navigation, while still > leaving the new URL displayed in the address bar. This can then be > used to spoof the URL of the target page. The malicious page would > need to employ social engineering tactics in order to guess what > page the user is likely to try to load next, as it cannot see what > URL the user has typed. > > > 3: how to fixed > ========== > Opera Software has released Opera 12 and Opera 11.65, > where this issue has been fixed. > http://www.opera.com/support/kb/view/1022/ > > > 4 About Code Audit Labs: > ===================== > Code Audit Labs secure your software,provide Professional include source > code audit and binary code audit service. > Code Audit Labs:” You create value for customer,We protect your value” > > http://www.VulnHunt.com > http://blog.Vulnhunt.com > http://t.qq.com/vulnhunt > http://weibo.com/vulnhunt > https://twitter.com/vulnhunt >
