Opera Remote Location Object Cross-domain Scripting Vulnerability Network Vulnerability

Summary

The remote host contains a web browser that is affected by multiple flaws. Description : The remote host is using Opera, an alternative web browser. This version of Opera on the remote host fails to block write access to the 'location' object. This could allow a user to create a specially crafted URL to overwrite methods within the 'location' object that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of confidentiality and integrity.

Solution

Upgrade to Opera 7.54 or newer.

References

http://www.greymagic.com/security/advisories/gm008-op/
http://www.opera.com/docs/changelogs/windows/754/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2570
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
Fraudulent Digital Certificates Spoofing Vulnerability (2524375)
DCE Services Enumeration
Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
Mozilla/Firefox security manager certificate handling DoS

Opera remote location object cross-domain scripting vulnerability

Take action and discover your vulnerabilities