icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Opera < 7.54u1 Download Box Spoofing

Medium

Synopsis

The remote browser allows attackers to spoof download file extensions.

Description

The remote host is using a version of Opera that is prone to a security flaw where a malicious website can spoof a filename within a download dialog box. An attacker exploiting this flaw would need to be able to entice a local user to browse to a malicious website. Upon visiting the website, the user would download a file with an obfuscated name.

Solution

Install Opera 7.54u1 or higher.