A new vulnerability found in the Opera browser could allow hackers to perform phishing attacks.
Errors due to information in the address box change before the page loading process is completed. Hackers can exploit this vulnerability through specially designed HTML pages that offer the following features:
1) Load the HTML page with the "unOnload" event in the tag, causing infinite looping when the site is down.
2) Display a binary website (possibly a "dangerous" website) within an iframe structure, and control the "onLoad" event to access a binary website.
According to the warning, successful exploits will cause the browser not to load the new website (probably safe) but only display URL lines in the address box.
Affected version
Opera 5.x
Opera 6.x
Opera 7.x
Solution
- Disable Javascript support.
- Enter URLs directly into trusted websites, not click links from unsafe sources.
