Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
References
Link | Resource |
---|---|
http://www.opera.com/docs/changelogs/unified/1215/ | |
http://www.opera.com/security/advisory/1047 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2013-04-19 11:44
Updated : 2024-02-28 12:00
NVD link : CVE-2013-3210
Mitre link : CVE-2013-3210
CVE.ORG link : CVE-2013-3210
JSON object : View
Products Affected
opera
- opera_browser
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor