Opera < 7.54 location Object Crafted URL Arbitrary Local File Access
Medium Nessus Plugin ID 14261
SynopsisThe remote host contains a web browser that is affected by multiple flaws.
DescriptionThe version of Opera on the remote host fails to block write access to the 'location' object. This could allow a user to create a specially crafted URL to overwrite methods within the 'location' object that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of confidentiality and integrity.
SolutionUpgrade to Opera 7.54 or newer.