Web fonts can be used to spoof the page address – Opera Security Advisories

Description

In some cases, a Web font intended to be used for page content could be incorrectly used by Opera to render parts of the user interface, including the address field. This can be used by a malicious site to display a false domain name in the address field.

Operating systems

Windows

Severity

Less severe

Opera’s Response

Opera Software has released Opera 10.01, where this issue has been fixed.

Credits

Thanks to John Daggett for reporting this issue to Opera Software.