Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: Opera, Cross Site Scripting of Links panel

November 2008 by Vigil@nce


An attacker can create a document containing a malicious url in order to generate a Cross Site Scripting during its display in the Links panel.

Gravity: 2/4

Consequences: client access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 30/10/2008


- Novell Linux Desktop
- Novell Open Enterprise Server
- OpenSUSE
- Opera
- SUSE LINUX Enterprise Server


The Links panel (reachable via Ctrl+Alt+L or Tools-Links) displays the list of links of the current page.

When the page contains frames, links from all frames are displayed on the same panel. However, if those links contain JavaScript code, it is run in the context of the outermost page containing the frames.

If the attacker owns a malicious site included in a frame of a trusted site, he can thus execute script in the context of the trusted site when the victim opens the Links panel.


Identifiers: BID-31991, CVE-2008-4795, SUSE-SR:2008:023, VIGILANCE-VUL-8210

See previous articles


See next articles