Secunia Research: Opera Image Dragging Vulnerability

======================================================================

                     Secunia Research 28/07/2005

               - Opera Image Dragging Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Credits..............................................................5
Time Table...........................................................6
About Secunia........................................................7
Verification.........................................................8

======================================================================
1) Affected Software

Opera 8.01

Prior versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Security Bypass
        Cross Site Scripting
Where:  From remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Opera, which can be
exploited by malicious people to conduct cross-site scripting attacks
and retrieve a user's files.

The vulnerability is caused due to Opera allowing a user to drag e.g.
an image, which is actually a "javascript:" URI, resulting in
cross-site scripting if dropped over another site. This may also be
used to populate a file upload form, resulting in uploading of
arbitrary files to a malicious web site.

Successful exploitation requires that the user is tricked into
dragging and dropping e.g. an image or a link.

The vulnerability has been confirmed in version 8.01. Prior versions
may also be affected.

======================================================================
4) Solution

Update to version 8.02.
http://www.opera.com/download/

======================================================================
5) Credits

Discovered by Jakob Balle, Secunia Research.

======================================================================
6) Time Table

20/06/2005 - Vendor notified.
28/07/2005 - Updated version released. Public disclosure.

======================================================================
7) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
8) Verification

Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2005-18/advisory/

Complete list of vulnerability reports released by Secunia Research:
http://secunia.com/secunia_research/

=====================================================================