CVE-2001-0898

Opera Web Browser < 6.0 - Information Disclosure via JavaScript setTimeout

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0898. PoCs published by Georgi Guninski.

AI-analyzed exploit summary: This exploit demonstrates a Same Origin Policy bypass in the Opera browser, allowing cross-domain script execution to access cookies from another domain (e.g., Yahoo Mail). The PoC opens a new window, waits for it to load, then extracts and displays cookies via JavaScript.

Description

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Georgi Guninski · text · remote · windows
https://www.exploit-db.com/exploits/21156

Classification
Working PoC: 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Opera Browser (versions prior to fix for CVE-2001-0898)
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable Opera browser
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7567.php
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100588139312696&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100586079932284&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3553

Scores

EPSS 0.0309
EPSS Percentile 86.0%

Details

Status published
Products (1)
opera_software/opera_web_browser < 6.0
Published Nov 15, 2001
Tracked Since Feb 18, 2026