Advisory: Scripts can overwrite functions on pages from other domains

Scripts can overwrite functions on pages from other domains.

Severity: Highly Severe

Affected Versions

All versions of Opera for Desktop prior to Opera 9.24.

Problem Description

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site.

Opera's Response

Opera Software has released Opera 9.24, where this issue has been fixed.

Credits

Thanks to David Bloom for reporting this issue to Opera Software.

Support

• New to Opera
• Register Opera Mobile
• Tutorials
• Knowledge base
• Community
• Reporting bugs
• Premium support
• Documentation

Web analytics powered by HitsLink. Copyright Opera Software ASA. All rights reserved.

Site Index | Contact | Privacymy.opera.com | operamini.com | widgets.opera.com | dev.opera.com | jobs.opera.com | operapowered.com
jp.opera.com | ru.opera.com | pl.opera.com | de.opera.com | cn.opera.com | tw.opera.com | in.opera.com