Vigil@nce: Opera, Cross Site Scripting of Links panel
November 2008 by Vigil@nce
An attacker can create a document containing a malicious url in order to generate a Cross Site Scripting during its display in the Links panel.
Consequences: client access/rights
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/10/2008
Novell Linux Desktop
Novell Open Enterprise Server
SUSE LINUX Enterprise Server
The Links panel (reachable via Ctrl+Alt+L or Tools-Links) displays the list of links of the current page.
If the attacker owns a malicious site included in a frame of a trusted site, he can thus execute script in the context of the trusted site when the victim opens the Links panel.
Identifiers: BID-31991, CVE-2008-4795, SUSE-SR:2008:023, VIGILANCE-VUL-8210 http://vigilance.fr/vulnerability/8210