Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
References
Link | Resource |
---|---|
http://secunia.com/advisories/13253/ | Broken Link Vendor Advisory |
http://secunia.com/secunia_research/2004-13/advisory/ | Broken Link |
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ | Broken Link |
http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml | Third Party Advisory |
Configurations
Information
Published : 2005-01-09 21:00
Updated : 2022-02-28 10:38
NVD link : CVE-2004-1157
Mitre link : CVE-2004-1157
JSON object : View
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Products Affected
opera
- opera_browser