Thread-topic: [SA26074] Opera "data:" URI Scheme Address Bar Spoofing Vulnerability
> Opera "data:" URI Scheme Address Bar Spoofing Vulnerability
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Less critical
> From remote
> Opera 9.x
> Robert Swiecki has discovered a vulnerability in Opera, which can be
> exploited by malicious people to conduct spoofing attacks.
> The vulnerability is caused due to an error in the handling of the
> "data:" URI scheme. This can be exploited to display arbitrary
> content while showing the URL of a trusted web site in the address
> bar when a user follows a specially crafted link.
> The vulnerability is confirmed in version 9.21. Other versions may
> also be affected.
> Do not follow links from untrusted web sites.
> PROVIDED AND/OR DISCOVERED BY:
> Robert Swiecki
> ORIGINAL ADVISORY: