data: URLs can spoof trusted trusted sites – Opera Security Advisories


Opera displays certain data: URLs wrongly, enabling URL spoofing.

Severity: Moderately severe

Problem description

data: URLs embed data inside them, instead of linking to an externalresource. Opera can mistakenly display the end of a data URL insteadof the beginning. This allows an attacker to spoof the URL of atrusted site.

Opera’s response

Opera Software has released Opera 9.22 which has corrected this issue.