[Am-info] Opera Frame Location Same Origin Policy Circumvention Vulnerability

Tue, 21 May 2002 14:20:39 -0400

Opera is a web browser product created by Opera Software, and is=20
available
for a range of operating systems including Windows and Linux. A
vulnerability has been reported in some versions of the Opera Browser.

In modern browsers, script code executing in the context of one website
should not be able to access the properties of another. This is a=20
security
feature known as the 'same origin policy', and it is put in place to
prevent malicious websites from interacting with and possibly stealing
sensitive information from others in different windows.

It is possible to bypass the same origin policy in some versions of=20
Opera.
Javascript executing within the context of a page is able to modify the
location parameter of an IFRAME or FRAME within the page. By setting the
location to a javascript: URL, code may be injected into the context of
the frame.

Exploitation of this vulnerability results in arbitrary Javascript code
executing within an arbitrary context. The consequences can be severe.=20
It
may be possible to access cookie data, including auhentication
credentials, or to take actions as an authenticated user.

It has also been demonstrated possible to execute script code, accessing
some elements of the local system. A provided proof of concept provides
access to information about the local file system layout.

- --=20
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
- --- SuSE Linux v8.0 Pro---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzqj/cACgkQB9vk4ichYXeoogCgpSlQp7m44lLvldNb4rKUe8lj
GV0AoIog0l+1N6uclhXIFvA3xb8TzPoM
=3DsPSW
-----END PGP SIGNATURE-----