Main Vulnerability Database SB2020031238

SB2020031238 - Input validation error in Opera

Published: March 12, 2020 Updated: August 8, 2020

Security Bulletin ID SB2020031238

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-12278)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.

Remediation

Install update from vendor's website.

References

https://help.opera.com/en/latest/security-and-privacy/
https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c