Certain characters may be used for domain name spoofing – Opera Security Advisories


Moderately severe


Opera uses several approaches to prevent spoofing of internationalized domain names (IDN) with characters that look similar to each other. With untrusted top-level domains, Opera prevents certain combinations of characters from being used in the same part of a domain name as each other, and should display them in punycode format instead if they are combined. In some cases, these different characters are not correctly detected, and some incorrect combinations are allowed, which may be used to spoof domain names.

Opera’s response

Opera Software has released Opera 10.54 for Windows and Mac, and Opera 10.60 for Linux and FreeBSD, where this issue has been fixed.