Vigil@nce: Opera, several vulnerabilities
September 2009 by Vigil@nce
Several vulnerabilities of Opera can deceive the victim.
– Severity: 2/4
– Consequences: data reading
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 4
– Creation date: 01/09/2009
IMPACTED PRODUCTS
– Opera
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities have been announced in Opera.
The user is not warned when an intermediary certificate is
revoked. [grav:2/4]
The address bar may display the domain of the previously visited
web site. [grav:2/4]
An international domain name can contain Unicode characters which
are incorrectly displayed, in order to deceive the victim.
[grav:2/4]
A certificate containing a wildcard or a null character can be
displayed as valid and secure. [grav:2/4]
CHARACTERISTICS
– Identifiers: BID-36202, VIGILANCE-VUL-8989
– Url: http://vigilance.fr/vulnerability/Opera-several-vulnerabilities-8989