VULHUB ™

Opera is affected by a remote location object cross-domain scripting vulnerability. This issue is due to a failure to properly validate methods that a user can access. An attacker might leverage this issue to steal cookie based authentication credentials, conduct phishing attacks along with other attacks. Furthermore, provided there is an HTML script invoking 'location' methods local to a victim's computer (such as c:/winnt/help/ciadmin.htm in most Microsoft Windows implementations) an attacker can exploit this issue to gain read access to directory contents, files and email read using Opera's email utilities. Although this issue is reported to affect versions 1.52 and 1.53 of the affected software, it is likely that earlier versions are also affected.

Opera is affected by a remote location object cross-domain scripting vulnerability. This issue is due to a failure to properly validate methods that a user can access. An attacker might leverage this issue to steal cookie based authentication credentials, conduct phishing attacks along with other attacks. Furthermore, provided there is an HTML script invoking 'location' methods local to a victim's computer (such as c:/winnt/help/ciadmin.htm in most Microsoft Windows implementations) an attacker can exploit this issue to gain read access to directory contents, files and email read using Opera's email utilities. Although this issue is reported to affect versions 1.52 and 1.53 of the affected software, it is likely that earlier versions are also affected.