DescriptionOpera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- openSUSE-SU-2011:1314-1, published Fri, 9 Dec 2011 13:08:23 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 11.3 |
|openSUSE 11.4|| ||Patchnames: