JavaScript might run in the wrong context if loaded from error page

Type opera
Reporter Opera
Modified 2010-10-11T00:00:00


If Opera is sent to an invalid URL, an error page will be displayed along with a link to the URL. The URL linked to might run scripts, and in some cases these scripts might be run in the wrong security context. This can be used to execute scripts in the context of an unrelated domain, which allows cross-site scripting.To exploit this vulnerability, an attacker must get the user to interact with a specially crafted error page.