Opera 9.52 and previous versions does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opera opera browser 9.0 |
||
opera opera browser 7.53 |
||
opera opera browser 8.51 |
||
opera opera browser 8.53 |
||
opera opera browser 8.02 |
||
opera opera browser 9.22 |
||
opera opera browser 9.20 |
||
opera opera browser 9.10 |
||
opera opera browser 7.23 |
||
opera opera browser 8.0 |
||
opera opera browser 9.01 |
||
opera opera browser |
||
opera opera browser 10.00 |
||
opera opera browser 7.54 |
||
opera opera browser 7.0 |
||
opera opera browser 8.50 |
||
opera opera browser 9.51 |
||
opera opera browser 9.12 |
||
opera opera browser 9.02 |
||
opera opera browser 9.21 |
||
opera opera browser 8.54 |
||
opera opera browser 8.01 |
||
opera opera browser 7.60 |
||
opera opera browser 8.52 |