Opera 5.12/6.0 Frame Location Same Origin Policy Circumvention Vulnerability
2002-05-15T00:00:00
ID EDB-ID:21451 Type exploitdb Reporter Andreas Sandblad Modified 2002-05-15T00:00:00
Description
Opera 5.12/6.0 Frame Location Same Origin Policy Circumvention Vulnerability. CVE-2002-0783. Remote exploit for windows platform
source: http://www.securityfocus.com/bid/4745/info
Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some versions of the Opera Browser.
It is possible to bypass the same origin policy in some versions of the Opera Browser. Javascript may modify the location property of an IFRAME or FRAME included in the document. If the location is set to a javascript: URL, the script code will execute within the context of the previous frame site.
<iframe name=foo src="www.sensitive.com"></iframe>
<script>foo.location="javascript:alert(document.cookie)";</script>
{"id": "EDB-ID:21451", "hash": "c7d65c6d4cc86a2cb11b694105e6e1a9", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Opera 5.12/6.0 Frame Location Same Origin Policy Circumvention Vulnerability", "description": "Opera 5.12/6.0 Frame Location Same Origin Policy Circumvention Vulnerability. CVE-2002-0783. Remote exploit for windows platform", "published": "2002-05-15T00:00:00", "modified": "2002-05-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/21451/", "reporter": "Andreas Sandblad", "references": [], "cvelist": ["CVE-2002-0783"], "lastseen": "2016-02-02T16:30:09", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-0783"]}, {"type": "osvdb", "idList": ["OSVDB:6271"]}], "modified": "2016-02-02T16:30:09"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/21451/", "sourceData": "source: http://www.securityfocus.com/bid/4745/info\r\n\r\nOpera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some versions of the Opera Browser.\r\n\r\nIt is possible to bypass the same origin policy in some versions of the Opera Browser. Javascript may modify the location property of an IFRAME or FRAME included in the document. If the location is set to a javascript: URL, the script code will execute within the context of the previous frame site.\r\n\r\n<iframe name=foo src=\"www.sensitive.com\"></iframe>\r\n<script>foo.location=\"javascript:alert(document.cookie)\";</script> ", "osvdbidlist": ["6271"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2016-09-03T03:27:23", "bulletinFamily": "NVD", "description": "Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.", "modified": "2008-09-05T16:28:56", "published": "2002-08-12T00:00:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0783", "id": "CVE-2002-0783", "title": "CVE-2002-0783", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 9096\n[CVE-2002-0783](https://vulners.com/cve/CVE-2002-0783)\nBugtraq ID: 4745\n", "modified": "2002-05-15T00:00:00", "published": "2002-05-15T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6271", "id": "OSVDB:6271", "type": "osvdb", "title": "Opera Frame Location Origin Policy Bypass", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
