Cross-Site Scripting in Opera Mail Client
Reported September 19, 2005 by Secunia
VERSIONS AFFECTED
Opera 8.x |
DESCRIPTION
Two flaws exist in the mail client component of the Opera Web browser that could be combined to launch an attack on an affected system. The first flaw is that email message file attachments are opened without warning the user of any possible dangers. The second flaw is that file attachment names can be spoofed, which allows intruders to attach HTML content but make the content appear to be something else, such as an image file. By combining the two flaws, intruders could inject JavaScript code that could expose local content on an affected system.
Secunia reported that Opera 8.02 was affected. Previous versions of the browser might also be affected.
VENDOR RESPONSE
Opera Software released an updated version, Opera 8.50, which corrects these problems. The updated version also corrects vulnerabilities with drag-and-drop functionality, cookie handling, and caching of Web pages delivered via Secure Sockets Layer (SSL) connections.