Advisory: Malicious setRequestHeader cross-site vulnerability

Summary

A malicious setRequestHeader can be used to steal user credentials and inject cross-site JavaScript.

Severity: high

Opera's response

Since version 8.02 of Opera, double newlines or a single newline not followed by a space are removed. Users with a version older than 8.02 should upgrade to the most recent version of Opera.

Credits

Thanks to Yutaka OIWA for reporting this issue.

Support

• New to Opera
• Register Opera Mobile
• Tutorials
• Knowledge base
• Community
• Reporting bugs
• Premium support
• Documentation

Web analytics powered by HitsLink. Copyright Opera Software ASA. All rights reserved.

Site Index | Contact | Privacymy.opera.com | operamini.com | widgets.opera.com | dev.opera.com | jobs.opera.com | operapowered.com
jp.opera.com | ru.opera.com | pl.opera.com | de.opera.com | cn.opera.com | tw.opera.com | in.opera.com