Opera Web Browser 7 IFRAME Zone Restriction Bypass Vulnerability

ID EDB-ID:23291
Type exploitdb
Reporter Mindwarper
Modified 2003-10-24T00:00:00


Opera Web Browser 7 IFRAME Zone Restriction Bypass Vulnerability. Remote exploits for multiple platform

                                            source: http://www.securityfocus.com/bid/8887/info

A flaw in the Opera web browsers security model has been discovered that could allow an attacker to access a users filesystem within the Local Zone. The problem occurs when handling malformed HTML iframes which point to local system locations. Exploitation of this vulnerability could result in the exposure of sensitive data or could potentially lead to the corruption of system critical files.

**UPDATE: The vendor has contacted Symantec and has stated that this is not a vulnerability. Symantec has not been able to reproduce the claims made by the individual who reported this issue. This record is being retired, though it may be re-activated if further findings confirm existence of the vulnerability. 

<iframe name="abc" src="file:///C:/"></iframe>