Description
Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
References (4)
Core 4
Core References
Broken Link x_refsource_misc
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13253/
Broken Link x_refsource_misc
http://secunia.com/secunia_research/2004-13/advisory/
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml
Scores
EPSS
0.0067
EPSS Percentile
71.6%
Details
CWE
CWE-74
Status
published
Products (1)
opera/opera_browser
7.0 - 7.54
Published
Jan 10, 2005
Tracked Since
Feb 18, 2026