Address Bar Spoofing Vulnerability in Opera Browser for Android
CVE-2019-12278

4.3MEDIUM

Key Information:

Vendor: Opera
Status: Opera
Vendor: CVE Published:; 12 March 2020

What is CVE-2019-12278?

Opera Browser versions up to 53 for Android are exposed to a vulnerability that enables address bar spoofing. The issue arises from the improper handling of several Unicode characters, which leads to a misrepresentation of URLs. When certain characters are rendered in a right-to-left order, a numerical IP address or alphabetic string might be displayed inaccurately, potentially deceiving users by showing a spoofed URL in the address bar. This vulnerability emphasizes the need for enhanced validation mechanisms within mobile browsers to safeguard users from phishing and other deceptive practices.

References

https://help.opera.com/en/latest/security-and-privacy/

x_refsource_MISC

https://medium.com/bugbountywriteup/opera-android-address...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2020
Vulnerability Reserved
May 22, 2019