HTTP: Opera Search History Disclosure
This signature detects attempts to exploit a known vulnerability against the Opera web browser. Attackers can use javascript to search through the history of the browser.
Extended Description
Opera Web Browser is prone to an input-validation vulnerability because of the way it stores data used for the History Search feature. Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, obtain sensitive information, or execute local programs in the context of the browser; other attacks are also possible. Versions prior to Opera Web Browser 9.61 are vulnerable. NOTE: This issue was previously documented in BID 31842 (Opera Web Browser HTML Injection and Cross Site Scripting Vulnerabilities) but has been given its own record to better document the details.
Affected Products
Opera_software opera_web_browser
Short Name
HTTP:STC:OPERA:SEARCH-HIST
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2008-4696 Disclosure History Opera Search bid:31869
Release Date
11/22/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3396
False Positive
Unknown
Vendors
Opera_software
Suse
Gentoo
CVSS Score
4.3