Opera Web Browser 'in' Operator Cross Domain Information Disclosure Vulnerability

Bugtraq ID:	50915
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 06 2011 12:00AM
Updated:	Dec 06 2011 12:00AM
Credit:	David Bloom
Vulnerable:	Opera Software Opera Web Browser 11.52 Opera Software Opera Web Browser 11.51 Opera Software Opera Web Browser 11.50 Opera Software Opera Web Browser 11.11 Opera Software Opera Web Browser 11.10 Opera Software Opera Web Browser 11.01 Opera Software Opera Web Browser 11.00
Not Vulnerable:	Opera Software Opera Web Browser 11.60

Opera Web Browser 'in' Operator Cross Domain Information Disclosure Vulnerability

The Opera web browser is prone to a cross-domain information-disclosure vulnerability.

An attacker can exploit this issue to check the existence of variables on other sites.

Versions prior to Opera Web Browser 11.60 are vulnerable.

Opera Web Browser 'in' Operator Cross Domain Information Disclosure Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted site.

Opera Web Browser 'in' Operator Cross Domain Information Disclosure Vulnerability

Solution:
Updates are available. Please see the reference for more details.

Opera Web Browser 'in' Operator Cross Domain Information Disclosure Vulnerability

References:

• Opera 11.60 for Windows changelog (Opera Software)
  
• Opera Homepage (Opera Software)
  
• JavaScript 'in' operator allows leakage of cross-domain information Severity (Opera Software)