FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- "javascript:" URL cross-site scripting vulnerability

Affected packages
linux-opera < 8.01
opera < 8.01
opera-devel < 8.01

Details

VuXML ID 40856a51-e1d9-11d9-b875-0001020eed82
Discovery 2005-06-16
Entry 2005-06-20

A Secunia Advisory reports:

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to read local files.

The vulnerability is caused due to Opera not properly restricting the privileges of "javascript:" URLs when opened in e.g. new windows or frames.

References

CVE Name CVE-2005-1669
URL http://secunia.com/advisories/15411/
URL http://www.opera.com/freebsd/changelogs/801/#security