Description
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
References (2)
Core 2
Core References
Technical Description, Third Party Advisory x_refsource_misc
http://crypto.stanford.edu/dns/dns-rebinding.pdf
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/45526
Scores
EPSS
0.0027
EPSS Percentile
50.0%
Details
Status
published
Products (1)
opera/opera_browser
9.0
Published
Oct 08, 2007
Tracked Since
Feb 18, 2026