Cross-Site Scripting in Opera Mail Client

Reported September 19, 2005 by Secunia


Opera 8.x


Two flaws exist in the mail client component of the Opera Web browser that could be combined to launch an attack on an affected system. The first flaw is that email message file attachments are opened without warning the user of any possible dangers. The second flaw is that file attachment names can be spoofed, which allows intruders to attach HTML content but make the content appear to be something else, such as an image file. By combining the two flaws, intruders could inject JavaScript code that could expose local content on an affected system.
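A mail gateway or triage script can catch the mismatch described above before a client ever opens the file. The following Python example is added here for illustration and is not code from Secunia or Opera; the function names, the extension list and the sample message are assumptions constructed for the example. It flags attachments whose name suggests passive content while the body or declared type is HTML.

```python
import os
import re
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: extensions a user would expect to be passive, non-scriptable content.
PASSIVE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".txt"}
# Markup that indicates the payload is really HTML or script.
HTML_MARKERS = re.compile(rb"<\s*(?:!doctype\s+html|html|script|body|iframe)\b", re.I)

def looks_like_html(payload: bytes) -> bool:
    """Sniff the first 4 KiB of the decoded attachment body for HTML markup."""
    return bool(HTML_MARKERS.search(payload[:4096]))

def audit_attachments(raw: bytes):
    """Return (filename, declared_type, reason) for each suspicious attachment."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment (or a multipart container)
        ext = os.path.splitext(name)[1].lower()
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ext in PASSIVE_EXTS and looks_like_html(payload):
            findings.append((name, ctype, "HTML content behind a passive file name"))
        elif ext in PASSIVE_EXTS and ctype in ("text/html", "application/xhtml+xml"):
            findings.append((name, ctype, "declared type contradicts file name"))
    return findings

def build_sample() -> bytes:
    """Constructed sample: one disguised HTML attachment, one genuine JPEG header."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    html = b"<html><body><script>/* placeholder */</script></body></html>"
    msg.add_attachment(html, maintype="image", subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16,
                       maintype="image", subtype="jpeg", filename="real.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in audit_attachments(build_sample()):
        print(finding)
```
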

Secunia reported that Opera 8.02 was affected. Previous versions of the browser might also be affected.


Opera Software released an updated version, Opera 8.50, which corrects these problems. The updated version also corrects vulnerabilities with drag-and-drop functionality, cookie handling, and caching of Web pages delivered via Secure Sockets Layer (SSL) connections.
