Title: Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
Severity: HIGH
Description:
Opera is a Web browser available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.
A cross-site scripting and local file disclosure vulnerability affects Opera Web Browser. This issue arises due to insufficient sanitization of user-supplied data.
Specifically, this vulnerability presents itself when malformed 'javascript:' URIs are opened in a new window or frame. An attacker can exploit this issue by crafting and sending a malicious 'javascript:' URI to a vulnerable user. If the user opens the link in a new window or frame, this issue may allow the attacker to execute arbitrary script code in the browser.
Reports indicate that this vulnerability can also be leveraged to disclose local files on an affected computer. An attack would occur in the context of the user running the browser.
Attackers may steal cookie-based authentication credentials, disclose local files in the context of the browser and carry out other attacks.
Opera Web Browser version 8.0 is prone to this issue.
Affected Products:
- Opera Software Opera Web Browser 8.0.0
- S.u.S.E. Linux Personal 8.2.0
- S.u.S.E. Linux Personal 9.0.0
- S.u.S.E. Linux Personal 9.0.0 x86_64
- S.u.S.E. Linux Personal 9.1.0
- S.u.S.E. Linux Personal 9.1.0 x86_64
- S.u.S.E. Linux Personal 9.2.0
- S.u.S.E. Linux Personal 9.2.0 x86_64
- S.u.S.E. Linux Personal 9.3.0
- S.u.S.E. Linux Personal 9.3.0 x86_64
- S.u.S.E. Linux Professional 8.2.0
- S.u.S.E. Linux Professional 9.0.0
- S.u.S.E. Linux Professional 9.0.0 x86_64
- S.u.S.E. Linux Professional 9.1.0
- S.u.S.E. Linux Professional 9.1.0 x86_64
- S.u.S.E. Linux Professional 9.2.0
- S.u.S.E. Linux Professional 9.2.0 x86_64
- S.u.S.E. Linux Professional 9.3.0
- S.u.S.E. Linux Professional 9.3.0 x86_64
References:
- Opera Software: Changelog for Opera 8.01 for Windows
- Secunia: Opera "javascript:" URLs Cross-Site Scripting