============ References: http://secunia.com/advisories/12028/
Quoted: Solution: This vulnerability has been eliminated in version 7.53. http://www.opera.com/download/ ============
How to eliminate ? Opera developer give it away showing you reet URL! Unbelievable.
Let us checkout this HTML and look at address bar.
[html]
[head]
[script]
location.replace('http://www.google.com/');
[/script]
[/head]
[body]
[h1]title[/h1]
[/body]
[/html]Or checkout,
[html]
[head]
[/head]
[body onload="location.replace('http://www.google.com/');"]
[h1]Onload?[/h1]
[/body]
[/html]NOTE: It is not security issue. It is a simple bug or the best manual workaround.
Best Regards.
-- bitlance winter
_________________________________________________________________
Don�t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
