BID:50920

Opera ':visited' Browser History Information Disclosure Vulnerability

Info

Opera ':visited' Browser History Information Disclosure Vulnerability

Bugtraq ID:	50920
Class:	Design Error
CVE:	CVE-2010-5068
Remote:	Yes
Local:	No
Published:	Dec 06 2011 12:00AM
Updated:	Mar 19 2015 09:45AM
Credit:	Artur Janc
Vulnerable:	Opera Software Opera Web Browser 11.60 Opera Software Opera Web Browser 11.52 Opera Software Opera Web Browser 11.51 Opera Software Opera Web Browser 11.50 Opera Software Opera Web Browser 11.11 Opera Software Opera Web Browser 11.10 Opera Software Opera Web Browser 11.01 Opera Software Opera Web Browser 11.00 Opera Software Opera Web Browser 10.63 Opera Software Opera Web Browser 10.62 Opera Software Opera Web Browser 10.61 Opera Software Opera Web Browser 10.60 Beta1 Opera Software Opera Web Browser 10.60 Opera Software Opera Web Browser 10.60 Opera Software Opera Web Browser 10.54 Opera Software Opera Web Browser 10.54 Opera Software Opera Web Browser 10.53 B Opera Software Opera Web Browser 10.53 Opera Software Opera Web Browser 10.52 Opera Software Opera Web Browser 10.51 Opera Software Opera Web Browser 10.50 Beta2 Opera Software Opera Web Browser 10.50 Beta1 Opera Software Opera Web Browser 10.50 Opera Software Opera Web Browser 10.10 Beta1 Opera Software Opera Web Browser 10.10 Opera Software Opera Web Browser 10.1 Opera Software Opera Web Browser 10.01 Opera Software Opera Web Browser 10.00 Beta3 Opera Software Opera Web Browser 10.00 Beta2 Opera Software Opera Web Browser 10.00 Beta1 Opera Software Opera Web Browser 10.00 Opera Software Opera Web Browser 10

Not Vulnerable:

Discussion

Opera ':visited' Browser History Information Disclosure Vulnerability

Opera is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to browser history information. Information obtained may aid in further attacks.

Exploit / POC

Opera ':visited' Browser History Information Disclosure Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Solution / Fix

Opera ':visited' Browser History Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]..

References

Opera ':visited' Browser History Information Disclosure Vulnerability

References:

Feasibility and Real-World Implications of Web Browser History Detection (Artur Janc)
Opera Homepage (Opera Software)