Opera GX Android - Address Bar Spoof with intent://vtp.operagx.gg/?url=

Disclosed by
Renwa's avatar
Renwa
  • Engagement Opera Public Bug Bounty
  • Disclosed date almost 2 years ago
  • Points 40
  • Priority P1 Bugcrowd's VRT priority rating
  • Status Resolved This vulnerability has been accepted and fixed
Summary by Renwa

Open Redirect to data URI causes address bar spoof

Activity
  1. FlyEye’s avatar
    FlyEye Customer published the disclosure report

    ()

  2. Renwa’s avatar
    Renwa requested disclosure

    ()

  3. FlyEye’s avatar
    FlyEye Customer rewarded Renwa

    ()

  4. FlyEye’s avatar
    FlyEye Customer changed the severity to P1

    ()

  5. FlyEye’s avatar
    FlyEye Customer rewarded Renwa 35 points

    ()

  6. FlyEye’s avatar
    FlyEye Customer changed the state to Resolved

    ()

  7. Renwa’s avatar
    Renwa sent a message

    ()

  8. FlyEye’s avatar
    FlyEye Customer sent a message

    ()

  9. Joshua’s avatar
    Joshua Customer resolved a blocker for Bugcrowd Operations by responding to comments

    ()

  10. Joshua’s avatar
    Joshua Customer sent a message

    ()

  11. Joshua’s avatar
    Joshua Customer changed the state to Unresolved

    ()

  12. Joshua’s avatar
    Joshua Customer rewarded Renwa 5 points

    ()

  13. mehmet_bugcrowd’s avatarbugcrowd logo
    mehmet_bugcrowd sent a message

    ()

  14. mehmet_bugcrowd’s avatarbugcrowd logo
    mehmet_bugcrowd created a blocker on Opera to respond to comments

    ()

  15. Renwa’s avatar
    Renwa sent a message

    ()

  16. Joshua’s avatar
    Joshua Customer sent a message

    ()

  17. Renwa’s avatar
    Renwa created the submission

    ()