Opera SSL Certificate "Stealing" Weakness

Affected Software: Opera 8.x

Secunia Research has discovered a weakness in Opera, which can be exploited to display the SSL certificate from a trusted site on an untrusted site.

The weakness is caused by Opera not resetting the SSL security bar after displaying a download dialog from an SSL-enabled web site. This allows an untrusted web site to display the yellow SSL security bar from a trusted web site.

NOTE: A more convincing exploit can be done using pop-up windows, which do not have a visible address bar.

The weakness has been confirmed in Opera 8.54. Prior versions may also be affected.

Solution: Upgrade to version 9.0.

