Secunia Research: Opera "javascript:" URLs Cross-Site Scripting

======================================================================

                   Secunia Research 16/06/2005

         - Opera "javascript:" URLs Cross-Site Scripting -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

Opera 8.0 Final Build 1095

Prior versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Cross Site Scripting
Where:  From remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Opera, which can
be exploited by malicious people to conduct cross-site scripting
attacks and to read local files.

The vulnerability is caused due to Opera not properly restricting the
privileges of "javascript:" URLs when opened in e.g. new windows or
frames.

The vulnerability has been confirmed in version 8.0. Other versions
may also be affected.

======================================================================
4) Solution

Update to Opera 8.01
http://www.opera.com/download/

======================================================================
5) Time Table

18/05/2005 - Vulnerability discovered and reported to vendor.
16/06/2005 - Public disclosure.

======================================================================
6) Credits

Discovered by Jakob Balle, Secunia Research.

======================================================================
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
candidate number CAN-2005-1669 for the vulnerability.

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2005-05/advisory/

Complete list of vulnerability reports released by Secunia Research:
http://secunia.com/secunia_research/

======================================================================