F-Secure Vulnerability Information:
Opera XMLHttpRequest Security Bypass

Report ID: SA15008
Source: Secunia
Date of Discovery: 16.06.2005
Criticality: Moderate
Affects: Opera 8.x
Compromise From: From remote
Compromise Type: Security bypass

Summary

A vulnerability in Opera can be exploited by malicious people to steal content or to perform actions on other web sites with the privileges of the user.

Detailed Description

Normally, it should not be possible for the XMLHttpRequest object to access resources outside the domain in which the object was opened. However, due to insufficient validation of server-side redirects, it is possible to circumvent this restriction.

The vulnerability has been confirmed in version 8.0.
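
The restriction described above can be modelled as an origin check applied to a request and its redirects. The following is an added example, not Opera's code and not part of the original advisory: it contrasts a check that validates only the requested URL with one that validates every redirect hop. The advisory does not state how Opera 8.0 implemented its check, so the flawed variant is an assumption; all hosts, paths and function names are constructed.

```javascript
// Simplified model of a same-origin check for XMLHttpRequest-style requests.
// All hosts, paths and function names are constructed for illustration.

// Constructed redirect table: request URL -> Location header of a 3xx reply.
const REDIRECTS = new Map([
  ["http://site-a.example/start", "/next"],
  ["http://site-a.example/next", "http://site-b.example/private"],
  ["http://site-a.example/loop", "http://site-a.example/loop"],
]);

// Origin = scheme + host + port, as computed by the URL parser.
function originOf(url) {
  return new URL(url).origin;
}

// Returns every URL visited while following redirects,
// or null if the hop limit is exceeded (redirect loop).
function redirectChain(url, maxHops = 10) {
  const chain = [url];
  while (REDIRECTS.has(url)) {
    if (chain.length > maxHops) return null;
    url = new URL(REDIRECTS.get(url), url).href; // resolve relative Location
    chain.push(url);
  }
  return chain;
}

// Insufficient validation (assumed model): only the URL given to the
// request is compared with the page; redirect targets are never checked.
function allowedCheckingFirstUrlOnly(pageUrl, requestUrl) {
  return originOf(requestUrl) === originOf(pageUrl);
}

// Corrected validation: every hop, including the final one, must stay in
// the page's origin. A redirect loop fails closed.
function allowedCheckingEveryHop(pageUrl, requestUrl) {
  const pageOrigin = originOf(pageUrl);
  const chain = redirectChain(requestUrl);
  return chain !== null && chain.every((u) => originOf(u) === pageOrigin);
}

const page = "http://site-a.example/page.html";
const req = "http://site-a.example/start";
console.log("first-URL-only check allows:", allowedCheckingFirstUrlOnly(page, req));
console.log("every-hop check allows:", allowedCheckingEveryHop(page, req));
```
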

Solution

Update to version 8.01.
http://www.opera.com/download/

CVE Reference
CVE-2005-1475

F-Secure Corporation