Advisory

Vulnerability

Opera Mini Location Permission Spoof Vulnerability

Vulnerability Description

A location permission spoof vulnerability was discovered in opera mini 47.1.2249.129326 for Android which allows an attacker to spoof location permission dialog box origined from attackers website while being on any legit website.

CVE ID

CVE-2018-16135

Vendor

https://www.opera.com/

Disclosure Timeline

02 August 2018 - Reported to vendor

18 August 2018 - Patch confimration received from vendor

Credits

Nikhil Mittal

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16135