Cross-Site Scripting in Opera Mail Client

Reported September 19, 2005 by Secunia

VERSIONS AFFECTED

Opera 8.x


DESCRIPTION

Two flaws exist in the mail client component of the Opera Web browser that could be combined to launch an attack on an affected system. The first flaw is that email message file attachments are opened without warning the user of any possible dangers. The second flaw is that file attachment names can be spoofed, which allows intruders to attach HTML content but make the content appear to be something else, such as an image file. By combining the two flaws, intruders could inject JavaScript code that could expose local content on an affected system.

Secunia reported that Opera 8.02 was affected. Previous versions of the browser might also be affected.

VENDOR RESPONSE

Opera Software released an updated version, Opera 8.50, which corrects these problems. The updated version also corrects vulnerabilities with drag-and-drop functionality, cookie handling, and caching of Web pages delivered via Secure Sockets Layer (SSL) connections.