======================================================================

                     Secunia Research 28/07/2005

              - Opera Image Dragging Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Credits..............................................................5
Time Table...........................................................6
About Secunia........................................................7
Verification.........................................................8

======================================================================
1) Affected Software

Opera 8.01

Prior versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Security Bypass
        Cross Site Scripting
Where:  From remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Opera, which can be
exploited by malicious people to conduct cross-site scripting attacks
and retrieve a user's files.

The vulnerability is caused by Opera allowing a user to drag e.g. an
image whose underlying URI is actually a "javascript:" URI. When such
an element is dropped over another site, the script runs in that site's
context, resulting in cross-site scripting. The same drag-and-drop
behaviour may also be used to populate a file upload form on a
malicious web site, resulting in the upload of arbitrary files from the
user's system.

Successful exploitation requires that the user is tricked into dragging
and dropping e.g. an image or a link.

The vulnerability has been confirmed in version 8.01. Prior versions
may also be affected.

======================================================================
4) Solution

Update to version 8.02.
http://www.opera.com/download/

======================================================================
5) Credits

Discovered by Jakob Balle, Secunia Research.

======================================================================
6) Time Table

20/06/2005 - Vendor notified.
28/07/2005 - Updated version released. Public disclosure.

======================================================================
7) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the Secunia
web site:

https://www.flexera.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

https://www.flexera.com/secunia_security_advisories/

======================================================================
8) Verification

Please verify this advisory by visiting the Secunia web site:
https://www.flexera.com/about-us/secunia-research/advisories/sr-2005-18.html

Complete list of vulnerability reports released by Secunia Research:
https://www.flexera.com/about-us/secunia-research/advisories/

======================================================================
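The drop-target side of the issue in section 3, as an added example that is not part of the Secunia advisory or of Opera: a page that accepts dragged links or images should treat dropped URIs as untrusted input and allow-list their scheme after normalising the whitespace and control characters browsers of that era ignored. The function and element names are assumptions chosen for the example.

```javascript
// Added example (not from the advisory): guard a drop target against
// dragged items whose real URI carries a script-executing scheme.

const ALLOWED_SCHEMES = new Set(["http", "https"]);

// Returns true only when the dropped URI has an explicitly allowed scheme.
// Scheme-relative ("//host") and relative references are rejected as well,
// because a drop from a foreign origin should never turn into a navigation.
function isSafeDroppedUri(raw) {
  if (typeof raw !== "string") return false;
  // Strip ASCII control characters (0x00-0x1F, 0x7F) and surrounding
  // whitespace first: "java\tscript:" and "\u0000javascript:" were classic
  // ways to slip past a naive prefix check.
  const cleaned = raw.replace(/[\u0000-\u001F\u007F]/g, "").trim();
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (!m) return false;
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Splits a text/uri-list payload (one URI per line, "#" starts a comment)
// and keeps only the entries that pass the scheme check.
function filterUriList(payload) {
  return payload
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"))
    .filter(isSafeDroppedUri);
}

// Drop handler for a page that accepts dragged links or images. It never
// assigns dropped data to location, innerHTML or a file input; it only
// hands the URIs that survived the filter to the caller. The listener is
// illustrative for a browser; the pure functions above are what to test.
function attachDropGuard(element, onAccepted) {
  element.addEventListener("dragover", (e) => e.preventDefault());
  element.addEventListener("drop", (e) => {
    e.preventDefault(); // suppress the browser's default navigation on drop
    const dt = e.dataTransfer;
    const payload =
      dt.getData("text/uri-list") || dt.getData("text/plain") || "";
    onAccepted(filterUriList(payload));
  });
}
```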