Vigil@nce: Opera, Cross Site Scripting of Links panel

November 2008 by Vigil@nce

SYNTHESIS

An attacker can create a document containing a malicious URL in order to trigger a Cross Site Scripting when it is displayed in the Links panel.

Gravity: 2/4

Consequences: client access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 30/10/2008

IMPACTED PRODUCTS

- Novell Linux Desktop
- Novell Open Enterprise Server
- OpenSUSE
- Opera
- SUSE LINUX Enterprise Server

DESCRIPTION

The Links panel (reachable via Ctrl+Alt+L or Tools-Links) displays the list of links of the current page.

When the page contains frames, links from all frames are displayed on the same panel. However, if those links contain JavaScript code, it is run in the context of the outermost page containing the frames.

If the attacker owns a malicious site included in a frame of a trusted site, he can thus execute script in the context of the trusted site when the victim opens the Links panel.
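A site operator can check for the precondition described above by listing the frames a page pulls from other origins and the script-scheme links inside a frame document. The following is an added example, not part of the Vigil@nce bulletin; the function names, host names and HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def origin(url):
    """Return (scheme, host, port) for an absolute URL."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


class _Collector(HTMLParser):
    """Collect frame sources and link targets from one HTML document."""

    def __init__(self):
        super().__init__()
        self.frames, self.links = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("frame", "iframe") and attrs.get("src"):
            self.frames.append(attrs["src"])
        elif tag in ("a", "area") and attrs.get("href"):
            self.links.append(attrs["href"])


def audit(html, page_url):
    """Return (cross-origin frame URLs, script-scheme links) for one document."""
    c = _Collector()
    c.feed(html)
    frames = [urljoin(page_url, src) for src in c.frames]
    foreign = [f for f in frames if origin(f) != origin(page_url)]
    # Browsers ignore leading whitespace and scheme case in URLs.
    scripted = [l for l in c.links
                if l.strip().lower().startswith("javascript:")]
    return foreign, scripted


# Constructed sample input: a trusted frameset page and one framed document.
TOP_URL = "http://trusted.example/index.html"
TOP_HTML = ('<frameset cols="50%,50%"><frame src="/menu.html">'
            '<frame src="http://ads.example.net/banner.html"></frameset>')
FRAME_URL = "http://ads.example.net/banner.html"
FRAME_HTML = '<a href="/news">news</a> <a href=" JavaScript:void(0)">more</a>'

if __name__ == "__main__":
    print("third-party frames:", audit(TOP_HTML, TOP_URL)[0])
    print("script links in frame:", audit(FRAME_HTML, FRAME_URL)[1])
```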

CHARACTERISTICS

Identifiers: BID-31991, CVE-2008-4795, SUSE-SR:2008:023, VIGILANCE-VUL-8210

http://vigilance.fr/vulnerability/8210



