Opera Web Browser Frame Functions Same Origin Policy Bypass Vulnerability
BID:26102
| Bugtraq ID: | 26102 |
| Class: | Design Error |
| CVE: | CVE-2007-5540 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 17 2007 12:00AM |
| Updated: | Oct 31 2007 02:46PM |
| Credit: | David Bloom is credited with the discovery of this vulnerability. |
| Vulnerable: | SuSE Linux 10.1 x86-64; SuSE Linux 10.1 x86; SuSE Linux 10.1 ppc; SuSE Linux 10.0 x86-64; SuSE Linux 10.0 x86; SuSE Linux 10.0 ppc; S.u.S.E. openSUSE 10.3; S.u.S.E. openSUSE 10.2; Opera Software Opera Web Browser 8.51; Opera Software Opera Web Browser 8.50; Opera Software Opera Web Browser 8.0.2; Opera Software Opera Web Browser 8.0 2; Opera Software Opera Web Browser 8.0 1; Opera Software Opera Web Browser 8.0; Opera Software Opera Web Browser 7.54; Opera Software Opera Web Browser 7.53; Opera Software Opera Web Browser 7.52; Opera Software Opera Web Browser 7.51; Opera Software Opera Web Browser 7.50; Opera Software Opera Web Browser 7.23; Opera Software Opera Web Browser 7.22; Opera Software Opera Web Browser 7.21; Opera Software Opera Web Browser 7.20; Opera Software Opera Web Browser 7.11; Opera Software Opera Web Browser 7.10; Opera Software Opera Web Browser 6.0.1; Opera Software Opera Web Browser 6.0 6; Opera Software Opera Web Browser 6.0; Opera Software Opera Web Browser 5.12; Opera Software Opera Web Browser 9.23; Opera Software Opera Web Browser 9.22; Opera Software Opera Web Browser 9.21; Opera Software Opera Web Browser 9.20; Opera Software Opera Web Browser 9.10; Opera Software Opera Web Browser 9.02; Opera Software Opera Web Browser 9.01; Opera Software Opera Web Browser 9; Opera Software Opera Web Browser 8.54; Opera Software Opera Web Browser 8.53; Opera Software Opera Web Browser 8.52; Gentoo Linux |
| Not Vulnerable: | Opera Software Opera Web Browser 9.24 |
Discussion
Opera Web Browser is prone to a vulnerability that lets attackers bypass the same-origin policy.
Attackers can exploit this issue to execute arbitrary JavaScript in the context of another domain.
Versions prior to Opera for Desktop 9.24 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor released Opera Web Browser 9.24 to address this issue. Please see the references for more information.
References
References:
- Download Opera Web Browser (Opera Software)
- Opera Homepage (Opera Software)
- Advisory: Scripts can overwrite functions on pages from other domains (Opera Software)