• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Opera JavaScript Console Single Quote Attribute Injection Vulnerability

Severity: HIGH

Description:

Opera is a web client available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in Opera's JavaScript console program. The console program consists of three HTML files, one of which is 'console.html'. Any unhandled exceptions thrown by any JavaScript are listed in the console and are converted into clickable links.

The vulnerability is present in the regular expressions used by 'console.html' to format exception messages. Specifically, exception messages are not parsed for quote characters. It is possible, by inserting of single quote (') characters, to add additional attributes to URIs that may make it possible to execute arbitrary attacker-supplied script code through the file:// URI handler. This may lead to disclosure of local file contents to remote attackers.

This issue is a variant of the vulnerability described in BID 6755, using single quote characters instead of double quotes. It is reported that this variant also affects patched versions of the browser. Opera 7.10 attempts to address this issue by sanitizing single quote characters, but is still prone to the issue if the hexadecimal code for the single quote HTML entity is used.

Affected Products:

• Opera Software Opera Web Browser 7.0.0 1win32
• Opera Software Opera Web Browser 7.0.0 2win32
• Opera Software Opera Web Browser 7.0.0 3win32
• Opera Software Opera Web Browser 7.10.0

References:

• Opera Software: Opera Web Browser Home Page

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.