IBM Application Security Insider: Opera Mobile Cache Poisoning XAS

« The Ultimate Web App Security Scanner Comparison Published - AppScan Standard Leads the Pack | Main | Dolphin Browser HD Cross-Application Scripting »

September 20, 2011

Opera Mobile Cache Poisoning XAS

Recently we detected a security vulnerability in Opera Mobile for Android which can be exploited by a non-privileged application in order to inject JavaScript code into the
context of any domain; therefore, this vulnerability has the same implications as global XSS, albeit from an installed application rather than another website.

Opera Mobile 11.1 update 2 has been released, which incorporates a fix for this bug.

The complete advisory can be found here.

Demo of the PoC:

We would like to thank the Opera Team for the efficient and quick way in which it handled this security issue.

Posted by Roee Hay on September 20, 2011 | Permalink

Comments

The comments to this entry are closed.

Follow us on Twitter

IBM Application Security Insider

Follow @AppSecInsider

AppScan Free Trial

Try IBM Security AppScan software at no charge.

Download the free trial

Search

Application Security Links

Become a Fan

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM shall not be liable for any direct or indirect damages arising out of use of this Weblog.

IBM Application Security Insider

September 20, 2011

Opera Mobile Cache Poisoning XAS

Comments

Follow us on Twitter

AppScan Free Trial

Search

Recent Posts

Archives

Categories

Application Security Links

Other Blogs We Read

Pages

Become a Fan