Advisory: Data URLs with executables and misleading download dialog
Severity: Moderate
Summary
A data URL (RFC 2397) containing an executable file may cause Opera to mislead the user. Opera's download dialog will in some cases say "Open with NOTEPAD.EXE", but clicking "Open" will run the executable.
Problem description
The data URL scheme allows authors to embed binary files, instead of using links to external files. Data URLs containing file types that Opera can display are rendered inline; other file types will be handled by Opera's download dialog.
A bug in Opera's file download handling causes the download dialog to give wrong information to the user when a data URL with an executable file is loaded. In some cases, it will tell the user that the file will be opened with NOTEPAD.EXE. Although this is not usual (Opera opens text/plain itself by default), the user would reasonably expect the file to be a text file, since NOTEPAD.EXE is a text editor. But when the user clicks "Open", the file is executed.
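The advisory's core point is that the declared media type of a data URL says nothing about what the payload actually is. The following added example (not Opera's code or part of the original advisory) is a defender-side check, usable in a proxy or content filter, that parses an RFC 2397 data URL, decodes its payload, and flags payloads that start with a native executable's magic bytes while being declared as something else. The magic-byte table and the list of "honest" binary media types are assumptions and deliberately minimal.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# RFC 2397 grammar: data:[<mediatype>][;base64],<data>
_DATA_URL_RE = re.compile(r"^data:(?P<meta>[^,]*),(?P<payload>.*)$", re.DOTALL)

# Minimal magic-byte table for native executables (assumption: extend as needed).
_EXECUTABLE_MAGIC = {
    b"MZ": "DOS/Windows PE executable",
    b"\x7fELF": "ELF executable",
}

# Media types under which an executable payload is at least declared honestly.
_BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}


def parse_data_url(url: str):
    """Split a data URL into (media type, decoded payload bytes)."""
    m = _DATA_URL_RE.match(url)
    if not m:
        raise ValueError("not a data URL")
    params = [p.strip().lower() for p in m.group("meta").split(";")]
    mediatype = params[0] or "text/plain"  # RFC 2397 default when omitted
    payload = m.group("payload")
    if params[-1] == "base64":
        return mediatype, base64.b64decode(payload)
    return mediatype, unquote_to_bytes(payload)  # non-base64 data is percent-encoded


def executable_kind(data: bytes):
    """Return the executable type name if the payload starts with known magic, else None."""
    for magic, kind in _EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def classify_data_url(url: str) -> str:
    """Return 'benign', 'executable:declared' or 'executable:mismatch'."""
    mediatype, data = parse_data_url(url)
    if executable_kind(data) is None:
        return "benign"
    if mediatype in _BINARY_TYPES:
        return "executable:declared"
    return "executable:mismatch"  # e.g. text/plain wrapping an MZ header


# Constructed sample: a fake PE header (MZ plus padding), not a real program.
_FAKE_PE = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
SAMPLE_MISMATCH = "data:text/plain;base64," + base64.b64encode(_FAKE_PE).decode()
SAMPLE_DECLARED = "data:application/octet-stream;base64," + base64.b64encode(_FAKE_PE).decode()
SAMPLE_TEXT = "data:text/plain,Hello%2C%20world"
```

A real deployment would also sniff beyond the first bytes (scripts, installers, archives), but the media-type-versus-content mismatch is the signal that the misleading dialog in this advisory relied on.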
Opera's response
Opera has released a security upgrade, Opera 7.54u2. The download dialog now displays the correct file name after "Open with".
Additionally, Opera for Microsoft Windows displays a yellow triangle with an exclamation mark in it.
Reference
Advisory on secunia.com: Opera "data:" URI Handler Spoofing Vulnerability