Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Opera, Cross Site Scripting of Links panel

November 2008 by Vigil@nce

SYNTHESIS

An attacker can create a document containing a malicious url in
order to generate a Cross Site Scripting during its display in the
Links panel.

Gravity: 2/4

Consequences: client access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 30/10/2008

IMPACTED PRODUCTS

 Novell Linux Desktop
 Novell Open Enterprise Server
 OpenSUSE
 Opera
 SUSE LINUX Enterprise Server

DESCRIPTION

The Links panel (reachable via Ctrl+Alt+L or Tools-Links) displays
the list of links of the current page.

When the page contains frames, links from all frames are displayed
on the same panel. However, if those links contain JavaScript
code, it is run in the context of the outermost page containing
the frames.

If the attacker owns a malicious site included in a frame of a
trusted site, he can thus execute script in the context of the
trusted site when the victim opens the Links panel.

CHARACTERISTICS

Identifiers: BID-31991, CVE-2008-4795, SUSE-SR:2008:023,
VIGILANCE-VUL-8210
http://vigilance.fr/vulnerability/8210


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts