Vendor: Opera Browser
By:
CVSS: 5.3 MEDIUM
Same Origin Policy Bypass
CWE: 79
Product Name: Opera Browser
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:opera:opera_browser
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux

Same Origin Policy Bypass in Opera Browser

The vulnerability allows an attacker to bypass the same origin policy in some versions of the Opera Browser. By setting the location property of an IFRAME or FRAME included in the document to a javascript: URL, an attacker can execute script code in the context of the site previously loaded in that frame. This can lead to information disclosure or unauthorized actions.

Mitigation:

Upgrade to a fixed version of the Opera Browser. Avoid loading untrusted or unknown websites within frames.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4745/info

Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some versions of the Opera Browser.

It is possible to bypass the same origin policy in some versions of the Opera Browser. JavaScript may modify the location property of an IFRAME or FRAME included in the document. If the location is set to a javascript: URL, the script code will execute within the context of the previous frame site.

<iframe name=foo src="www.sensitive.com"></iframe>
<script>foo.location="javascript:alert(document.cookie)";</script>
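
Added example, not part of the original advisory and not Opera's code: a JavaScript model of the origin check a browser has to apply before a script sets a frame's location to a javascript: URL, which is the check the behaviour described above skips. The function names and the attacker.example host are assumptions made for illustration.

```javascript
// Added example (not Opera's code): the same-origin check a browser must apply
// before script in one document sets a frame's location to a javascript: URL.

// Origin is scheme + host + port; URL normalises case and default ports.
// Opaque origins (about:, data:) serialise as the string "null".
function originOf(url) {
  return new URL(url).origin;
}

// URL parsers drop leading C0 control/space characters and every tab or
// newline, so " JavaScript:" and "java\tscript:" are both javascript: URLs.
function isJavascriptUrl(raw) {
  const cleaned = raw.replace(/^[\u0000-\u0020]+/, "").replace(/[\t\n\r]/g, "");
  return /^javascript:/i.test(cleaned);
}

// initiatorUrl: document whose script assigns frame.location (assumed name)
// frameUrl: document currently loaded in the target frame (assumed name)
// requested: the value being assigned to frame.location
function decideFrameNavigation(initiatorUrl, frameUrl, requested) {
  if (!isJavascriptUrl(requested)) {
    // A normal navigation replaces the frame's document; nothing runs in the old one.
    return { allow: true, reason: "ordinary navigation" };
  }
  const initiator = originOf(initiatorUrl);
  const target = originOf(frameUrl);
  // A javascript: URL runs inside the frame's *current* document, so it is
  // only safe when the initiator could already script that document.
  if (initiator === "null" || target === "null" || initiator !== target) {
    return { allow: false, reason: `cross-origin javascript: URL (${initiator} -> ${target})` };
  }
  return { allow: true, reason: "same-origin javascript: URL" };
}

// Constructed sample: the page's frame scenario plus variants.
const samples = [
  ["http://attacker.example/p.html", "http://www.sensitive.com/", "javascript:alert(document.cookie)"],
  ["http://attacker.example/p.html", "http://www.sensitive.com/", " Java\tScript:void(0)"],
  ["http://www.sensitive.com/a", "http://www.sensitive.com:80/b", "javascript:void(0)"],
  ["http://attacker.example/p.html", "http://www.sensitive.com/", "http://attacker.example/next"],
];
for (const [initiator, frame, requested] of samples) {
  const d = decideFrameNavigation(initiator, frame, requested);
  console.log(d.allow ? "ALLOW" : "BLOCK", JSON.stringify(requested), "-", d.reason);
}
```

This model denies opaque origins outright, which is stricter than real browsers that let about:blank frames inherit their creator's origin.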