1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA15008

Opera XMLHttpRequest Security Bypass

Report ID: SA15008
Source: Secunia
Date of Discovery: 16.06.2005
Criticality: Moderate
Affects:
Opera 8.x
Compromise From: From remote
Compromise Type: Security bypass

Summary

A vulnerability in Opera, which can be exploited by malicious people to steal content or to perform actions on other web sites with the privileges of the user.

Detailed Description

A vulnerability in Opera, which can be exploited by malicious people to steal content or to perform actions on other web sites with the privileges of the user.

Normally, it should not be possible for the XMLHttpRequest object to access resources from outside the domain of which the object was opened. However, due to insufficient validation of server side redirects, it is possible to circumvent this restriction.

The vulnerability has been confirmed in version 8.0.

Solution

Update to version 8.01.
http://www.opera.com/download/

CVE Reference

CVE-2005-1475