[SEG] Opera Window Injection Vulnerability

08/12/2004 - 18:08 por Windows | Informe spam
(ver "solution" :-)

Opera Window Injection Vulnerability
http://secunia.com/advisories/13253/

Secunia Advisory: SA13253 Print Advisory
Release Date: 2004-12-08

Critical:Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software: Opera 7.x

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Secunia Research has reported a vulnerability in Opera, which can be
exploited by malicious people to spoof the content of websites.

The problem is that a website can inject content into another site's
window if the target name of the window is known. This can e.g. be
exploited by a malicious website to spoof the content of a pop-up
window opened on a trusted website.

This is related to:
SA11978

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browser...lity_test/

The vulnerability has been confirmed in Opera version 7.54. Other
versions may also be affected.

Solution:
Do not browse untrusted sites while browsing trusted sites.

Provided and/or discovered by:
Secunia Research

Original Advisory:
http://secunia.com/secunia_research.../advisory/

Other References:
SA11978:
http://secunia.com/advisories/11978/
 

Leer las respuestas

#1 JM Tella Llop [MVP Windows]
09/12/2004 - 15:46 | Informe spam
No es tema de estos foros.

Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase,
y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use.



"Windows" wrote in message
news:
(ver "solution" :-)

Opera Window Injection Vulnerability
http://secunia.com/advisories/13253/

Secunia Advisory: SA13253 Print Advisory
Release Date: 2004-12-08

Critical:Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software: Opera 7.x

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Secunia Research has reported a vulnerability in Opera, which can be
exploited by malicious people to spoof the content of websites.

The problem is that a website can inject content into another site's
window if the target name of the window is known. This can e.g. be
exploited by a malicious website to spoof the content of a pop-up
window opened on a trusted website.

This is related to:
SA11978

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browser...lity_test/

The vulnerability has been confirmed in Opera version 7.54. Other
versions may also be affected.

Solution:
Do not browse untrusted sites while browsing trusted sites.

Provided and/or discovered by:
Secunia Research

Original Advisory:
http://secunia.com/secunia_research.../advisory/

Other References:
SA11978:
http://secunia.com/advisories/11978/

Preguntas similares