SecurityTracker.com
Category:   Application (Web Browser)  >   Opera
Vendors:   Opera Software
Opera XMLHttpRequest Access Controls Can Be Bypassed By Remote Users
SecurityTracker Alert ID:  1014239
SecurityTracker URL:  http://securitytracker.com/id/1014239
CVE Reference:   CVE-2005-1475
Date:  Jun 19 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8.0
Description:   A vulnerability was reported in the Opera web browser in the processing of the XMLHttpRequest object. A remote user can view the contents of files on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the XMLHttpRequest object to access resources from outside the current domain.

This vulnerability was previously reported by Jelmer as affecting Internet Explorer and by GreyMagic Software as affecting Mozilla and Netscape.

The vendor was notified on April 19, 2005.

Jakob Balle of Secunia Research reported this vulnerability.

The original advisory is available at:

http://secunia.com/secunia_research/2005-4/advisory/

Impact:   A remote user can view the contents of files on the target user's system.
Solution:   The vendor has issued a fixed version (8.01), available at:

http://www.opera.com/download/

Vendor URL:  www.opera.com/
Cause:   Access control error, State error
Underlying OS:  Linux (Any), Windows (Any)

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC