Scripts can overwrite functions on pages from other domains – Opera Security Advisories

Scripts can overwrite functions on pages from other domains.

Severity: Highly Severe

Affected Versions

All versions of Opera for Desktop prior to Opera 9.24.

 

Problem Description

 

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker’s choice to run in the context of the target Web site.

 

Opera’s Response

 

Opera Software has released Opera 9.24, where this issue has been fixed.

 

Credits

 

Thanks to David Bloom for reporting this issue to Opera Software.