News
Vigil@nce - Opera: two vulnerabilities
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to display a malicious site with Opera, in order to create a Cross Site Scripting or to detect if a file exists.
Severity: 2/4
Creation date: 24/01/2012
IMPACTED PRODUCTS
Opera
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in Opera.
An attacker can create an HTML page which changes a FRAME, in order to execute script code in the context of another web site. [severity:2/4]
An attacker can use a JavaScript event, in order to detect if a file exists on victim’s computer. [severity:1/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
