CVE-2021-23253
First published: Mon Jan 11 2021(Updated: )
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue.
Credit: security@opera.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opera Opera Mini | <53.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-23253.
What is the affected software?
Opera Mini for Android below 53.1 is affected by this vulnerability.
What is the severity of CVE-2021-23253?
The severity of this vulnerability is medium, with a severity value of 5.3.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by crafting a URL with a long domain name, which is displayed left-aligned in the address field of Opera Mini for Android below 53.1, leading to address bar spoofing.
Is there a fix available for this vulnerability?
Yes, the fix for this vulnerability is to update Opera Mini for Android to version 53.1 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/opera
- canonical/opera opera mini