Opera Web Browser Top Level Domains Cross Domain Scripting Vulnerability

Bugtraq ID:	50914
Class:	Origin Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 06 2011 12:00AM
Updated:	Dec 06 2011 12:00AM
Credit:	Opera Software
Vulnerable:	Opera Software Opera Web Browser 11.52 Opera Software Opera Web Browser 11.51 Opera Software Opera Web Browser 11.50 Opera Software Opera Web Browser 11.11 Opera Software Opera Web Browser 11.10 Opera Software Opera Web Browser 11.01 Opera Software Opera Web Browser 11.00
Not Vulnerable:	Opera Software Opera Web Browser 11.60

Opera Web Browser Top Level Domains Cross Domain Scripting Vulnerability

The Opera web browser is prone to a cross-domain scripting vulnerability because the application fails to properly enforce the same-origin policy.

Successful exploits will allow attackers to access cookies or execute arbitrary script code within the context of the affected domain.

Versions prior to Opera Web Browser 11.60 are vulnerable.

Opera Web Browser Top Level Domains Cross Domain Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into visiting a malicious webpage.

Opera Web Browser Top Level Domains Cross Domain Scripting Vulnerability

Solution:
Updates are available. Please see the references for details.

Opera Web Browser Top Level Domains Cross Domain Scripting Vulnerability

References:

• Opera 11.60 for Windows changelog (Opera Software)
  
• Opera Homepage (Opera Software)
  
• Pages can set cookies and communicate cross-site for some top level domains Seve (Opera Software)