opera -- "javascript:" URL cross-site scripting vulnerability

ID 40856A51-E1D9-11D9-B875-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-06-16T00:00:00


A Secunia Advisory reports:

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to read local files. The vulnerability is caused due to Opera not properly restricting the privileges of "javascript:" URLs when opened in e.g. new windows or frames.