Opera Cross Site Scripting vulnerability

Secunia Advisory: SA8155
Release Date: 2003-02-26
Last Update: 2003-03-10
Popularity: 13,567 views
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Opera 6.x, Opera 7.x

Description: A vulnerability exists in the way the Opera browser generates a temporary page for displaying a redirection when "Automatic redirection" is disabled (not the default setting).
When Opera generates a page for displaying a redirect, it does not strip any characters, making it possible to inject malicious script code into the page generated by the Opera browser. This page has the same privileges as the domain trying to redirect the user, making it possible to steal cookies, hijack sessions, etc. from that domain.
E.g., many websites use a "redirect script" to redirect users. These scripts often take arguments without any further validation, because their only function is to send the user to a new URL. However, when Opera is set to not automatically redirect a user, Opera will display this URL on a temporary page without stripping malicious code from it.
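The flaw described above, modelled as an added example (not code from Opera or from this advisory): a redirect notice built by pasting the target URL into markup, next to a form that restricts the scheme and escapes on output. The function names, page markup, and the sample URL are assumptions constructed for illustration.

```javascript
// Hypothetical model of a generated "you are being redirected" page.
// Names and markup are assumptions, not Opera's implementation.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Flawed form: the redirect target is placed in the markup unchanged,
// so any markup inside the URL becomes part of the generated page.
function renderNoticeUnsafe(target) {
  return '<p>Redirected to: <a href="' + target + '">' + target + "</a></p>";
}

// Hardened form: accept only absolute http(s) targets, then escape on output.
function renderNoticeSafe(target) {
  let url;
  try {
    url = new URL(target); // throws on strings that are not absolute URLs
  } catch {
    return "<p>Redirect target is not a valid absolute URL.</p>";
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return "<p>Redirect target uses a blocked scheme.</p>";
  }
  const shown = escapeHtml(target);
  return '<p>Redirected to: <a href="' + shown + '">' + shown + "</a></p>";
}

// Constructed sample target, as a redirect script might pass it through.
const SAMPLE_TARGET = 'http://example.test/next"><script>marker()</script>';
```

The same output escaping applies on the server side: a redirect script that validates its argument against expected hosts before issuing the redirect removes the input this page would otherwise display.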
Sample exploit:
http://secunia.com/secunia_research/2003-1/exploit/
The following have been tested and found vulnerable:
Opera prior to 7.02 on Windows
Opera 6.x on both Windows and Linux
Opera 7.02 "Bork Edition" is also vulnerable.
Solution: Vendor patch:
-- Windows --
Update to version 7.02 or newer:
http://www.opera.com/download/index.dml?platform=windows
-- Linux --
Update to version 6.12 or newer:
http://www.opera.com/download/index.dml?platform=linux
Workaround:
A workaround would be to leave "Automatic redirection" enabled.
Provided and/or discovered by: Jakob Balle, Secunia
Changelog: 2003-02-27: Updated with information regarding Opera 7.02 "Bork Edition"
2003-03-10: Updated version for Linux released (version 6.12).
Original Advisory: http://secunia.com/secunia_research/2003-1/
About this Secunia Advisory:
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.