CVE-2019-12278

Опубликовано: 12 мар. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL.

Ссылки

https://help.opera.com/en/latest/security-and-privacy/
Vendor Advisory
https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c
Exploit
Third Party Advisory
https://help.opera.com/en/latest/security-and-privacy/
Vendor Advisory
https://medium.com/bugbountywriteup/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opera:opera:52.1.2517.139570:*:*:*:*:android:*:*

EPSS

Процентиль: 57%

0.00351

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-x8x9-xrq5-rgjj

github

больше 3 лет назад

EPSS

Процентиль: 57%

0.00351

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo