VULHUB ™

A weakness has been reported in Opera that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI that is designed to access a specific location with a supplied username, contains a specially crafted sequence of characters. These characters will be interpreted as a NULL due to UTF-8 encoding. This sequence may be placed as part of the username value prior to the @ symbol in the malicious URI to aid in obfuscating the URI for a visited page. An attacker could exploit this issue by supplying a malicious URI pointing to a page designed to mimic that of a trusted site, and tricking a victim who follows a link into believing they are actually at the trusted location.

A weakness has been reported in Opera that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI that is designed to access a specific location with a supplied username, contains a specially crafted sequence of characters. These characters will be interpreted as a NULL due to UTF-8 encoding. This sequence may be placed as part of the username value prior to the @ symbol in the malicious URI to aid in obfuscating the URI for a visited page. An attacker could exploit this issue by supplying a malicious URI pointing to a page designed to mimic that of a trusted site, and tricking a victim who follows a link into believing they are actually at the trusted location.