Opera SSL Certificate "Stealing" Weakness

Affected Software: Opera 8.x


Secunia Research has discovered a weakness in Opera, which can be exploited to display the SSL certificate from a trusted site on an untrusted site.


The weakness is caused by Opera not resetting the SSL security bar after displaying a download dialog from an SSL-enabled web site. This allows an untrusted web site to display the yellow SSL security bar from a trusted web site.
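The missing reset can be stated as an invariant: the security bar must always show the certificate of the document actually displayed. The following is an added toy model in JavaScript, not Opera's code and not part of the advisory; the `Tab` class, the response shape and the host names are assumptions constructed for illustration.

```javascript
// Toy model of a browser tab (hypothetical; not Opera's implementation).
// A response is { url, cert, disposition }: cert is null for plain HTTP,
// disposition is "render" (becomes the page) or "download" (dialog only).
class Tab {
  constructor(resetAfterDownload) {
    this.resetAfterDownload = resetAfterDownload; // false models the weakness
    this.documentUrl = "about:blank";
    this.documentCert = null; // certificate of the displayed document
    this.barCert = null;      // certificate shown in the security bar
  }

  handle(response) {
    // Assumed behaviour: the bar is updated for every response, downloads included.
    this.barCert = response.cert;
    if (response.disposition === "render") {
      this.documentUrl = response.url;
      this.documentCert = response.cert;
    } else if (this.resetAfterDownload) {
      // The download dialog did not replace the document, so restore the bar.
      this.barCert = this.documentCert;
    }
  }

  // Invariant a regression test should enforce after every event.
  barMatchesDocument() {
    return this.barCert === this.documentCert;
  }
}

// Feed a trace of responses to a tab and report the resulting UI state.
function replay(tab, responses) {
  for (const r of responses) tab.handle(r);
  return {
    url: tab.documentUrl,
    bar: tab.barCert && tab.barCert.subject,
    ok: tab.barMatchesDocument(),
  };
}

// Constructed sample trace: a plain-HTTP page, then a download served over SSL.
const TRUSTED_CERT = { subject: "trusted.example" };
const TRACE = [
  { url: "http://untrusted.example/", cert: null, disposition: "render" },
  { url: "https://trusted.example/file.bin", cert: TRUSTED_CERT, disposition: "download" },
];

console.log("no reset:  ", replay(new Tab(false), TRACE));
console.log("with reset:", replay(new Tab(true), TRACE));
```

Without the reset, the model ends with the bar showing `trusted.example` while the displayed document is still the plain-HTTP page; with the reset, the bar is empty again and the invariant holds.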


NOTE: A more convincing exploit can be done using pop-up windows, which do not have a visible address bar.


The weakness has been confirmed in Opera 8.54. Prior versions may also be affected.


Solution: Upgrade to version 9.0.


http://secunia.com/advisories/19480/
