Monday, October 8, 2012

Vulnerability: Cross-site scripting in Opera

Vulnerability in Opera allows XSS attack on any site


For an attacker to exploit the vulnerability by placing a specially crafted link to the target resource.

The forum RDot.org has information about the dangerous vulnerabilities in the browser Opera, which allows XSS attack in the context of an arbitrary web-site. This vulnerability can also be exposed to the latest versions of the browser Mozilla Firefox.


To use this vulnerability, an attacker need only place a specially crafted link to the targeted site. Thus is vulnerable is the same site that is hosting the link, not the one on which the link leads. Thus, to capture, for example, authorization cookie, an attacker need only place a link on the forum or in the comments of the target site. Exploitation occurs when the user clicks on this link.

At the time of publication of news Opera developers have not released fixes for vulnerabilities, and the editorial Securitylab.ru recommends temporarily use a different browser.

No comments:

Post a Comment