FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- "javascript:" URL cross-site scripting vulnerability

Affected packages
linux-opera < 8.01
opera < 8.01
opera-devel < 8.01


VuXML ID 40856a51-e1d9-11d9-b875-0001020eed82
Discovery 2005-06-16
Entry 2005-06-20

A Secunia Advisory reports:

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to read local files.

The vulnerability is caused due to Opera not properly restricting the privileges of "javascript:" URLs when opened in e.g. new windows or frames.


CVE Name CVE-2005-1669