Secunia Research: Opera SSL Certificate "Stealing" Weakness
======================================================================
Secunia Research 28/06/2006
- Opera SSL Certificate "Stealing" Weakness -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9
======================================================================
1) Affected Software
Opera 8.54
Prior versions may also be affected.
======================================================================
2) Severity
Rating: Not critical
Impact: Spoofing
Where: From remote
======================================================================
3) Description of Vulnerabilities
Secunia Research has discovered a weakness in Opera, which can be
exploited to display the SSL certificate from a trusted site on an
untrusted site.
The weakness is caused due to Opera not resetting the SSL security
bar after displaying a download dialog from a SSL enabled web site.
This allows an untrusted web site to display yellow SSL security bar
from a trusted web site.
NOTE: A more convincing exploit can be done using pop-up windows,
which do not have a visible address bar.
======================================================================
4) Solution
Upgrade to version 9.0.
======================================================================
5) Time Table
31/03/2006 - Initial vendor notification.
28/06/2006 - Public disclosure.
======================================================================
6) Credits
Discovered by Jakob Balle, Secunia Research.
======================================================================
7) References
No references available.
======================================================================
8) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-49/advisory/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================