Opera < 7.50 onUnload Address Bar Spoofing

This script is Copyright (C) 2004-2012 Tenable Network Security, Inc.


Synopsis :

An installed browser is vulnerable to address bar spoofing.

Description :

The remote host is using Opera - an alternative web browser.

This version of Opera is vulnerable to a security weakness
that may permit malicious web pages to spoof address bar information.

This is reportedly possible through malicious use of the
JavaScript 'unOnload' event handler when the browser
is redirected to another page.

This issue could be exploited to spoof the domain of a malicious web page,
potentially causing the user to trust the spoofed domain.

Solution :

Install Opera 7.50 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 14244 ()

Bugtraq ID: 10337

CVE ID: CVE-2004-2260

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now