Vigil@nce: Opera, Cross Site Scripting of Links panel
November 2008 by Vigil@nce
SYNTHESIS
An attacker can create a document containing a malicious url in
order to generate a Cross Site Scripting during its display in the
Links panel.
Gravity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/10/2008
IMPACTED PRODUCTS
– Novell Linux Desktop
– Novell Open Enterprise Server
– OpenSUSE
– Opera
– SUSE LINUX Enterprise Server
DESCRIPTION
The Links panel (reachable via Ctrl+Alt+L or Tools-Links) displays
the list of links of the current page.
When the page contains frames, links from all frames are displayed
on the same panel. However, if those links contain JavaScript
code, it is run in the context of the outermost page containing
the frames.
If the attacker owns a malicious site included in a frame of a
trusted site, he can thus execute script in the context of the
trusted site when the victim opens the Links panel.
CHARACTERISTICS
Identifiers: BID-31991, CVE-2008-4795, SUSE-SR:2008:023,
VIGILANCE-VUL-8210
http://vigilance.fr/vulnerability/8210