|
|
>> Opera Multiple Cross Site Scripting and Spoofing Vulnerabilities
|
Multiple vulnerabilities were identified in Opera, which could be exploited by malicious web sites to conduct cross site scripting and spoofing attacks.
The first issue is due to an error in the handling of extended ASCII codes in the download dialog, which can be exploited to spoof the file extension in the file download dialog via a specially crafted "Content-Disposition" HTTP header and trick a user into downloading and executing a malicious file.
The second vulnerability is caused due to Opera allowing a user to drag e.g. an image, which is actually a "javascript:" URI, resulting in cross site scripting if dropped over another site, which may also be used to populate a file upload form, resulting in uploading of arbitrary files to a malicious web site. Successful exploitation requires that the user is tricked into dragging and dropping e.g. an image or a link.
The third flaw is due to an unspecified error that could be exploited by malicious web sites to conduct link hijacking attacks.
Affected Products
Opera version 8.01 and prior
Solution
Upgrade to Opera version 8.02 :
http://www.opera.com/download/
References
http://www.vupen.com/english/advisories/2005/1251
http://www.opera.com/windows/changelogs/802/
http://www.secunia.com/advisories/15870/
http://www.secunia.com/advisories/15756/
Credits
Vulnerabilities reported by Andreas Sandblad and Jakob Balle (Secunia Research)
ChangeLog
2005-07-28 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
