CVE-2021-23253

Name of the Vulnerable Software and Affected Versions Opera Mini for Android versions prior to 53.1

Description The issue allows a malicious attacker to craft a URL with a long domain name. For example, www.safe.opera.com.attacker.com can be used to deceive users. Since the URL is left-aligned in the address field, the user will only see the front part, such as www.safe.opera.com…. The exact amount visible depends on the phone screen size, but the attacker can craft different domains to target various phones.

Recommendations For Opera Mini for Android versions prior to 53.1, update to version 53.1 or later, which displays long URLs with the top-level domain label aligned to the right of the address field, mitigating the issue.