Same Origin Policy bypass vulnerability in Opera via history.pushState and history.replaceState functions (rpm)ID: oval:org.secpod.oval:def:4950 | Date: (C)2012-03-30 (M)2023-12-02 |
Class: VULNERABILITY | Family: unix |
The host is installed with Opera Browser before 11.62 and is prone to Same Origin Policy bypass vulnerability. A flaw is present in the application, which fails to handle history.pushState and history.replaceState functions in conjunction with cross-domain frames. Successful exploitation allows emote attackers to gain unintended read access to history.state information.