FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- "data:" URI handler spoofing vulnerability

Affected packages
linux-opera < 7.54.20050131
opera < 7.54.20050131
opera-devel < 7.54.20050131


VuXML ID 20c9bb14-81e6-11d9-a9e7-0001020eed82
Discovery 2005-01-12
Entry 2005-02-18

A Secunia Advisory reports:

Michael Holzt has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files.

The vulnerability is caused due to an error in the processing of "data:" URIs, causing wrong information to be shown in a download dialog. This can be exploited by e.g. a malicious website to trick users into executing a malicious file by supplying a specially crafted "data:" URI.


CERT/CC Vulnerability Note 882926
CVE Name CVE-2005-0456