CVE-2011-4682

Opera Browser < 11.60 - Same Origin Policy Bypass via JavaScript in Operator

Title source: llm
STIX 2.1

Description

The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1160/
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/1005/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/1160/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/unix/1160/

Scores

EPSS 0.0028
EPSS Percentile 51.2%

Details

CWE
CWE-264
Status published
Products (30)
opera/opera_browser 5.0 (8 CPE variants)
opera/opera_browser 5.02
opera/opera_browser 5.10
opera/opera_browser 5.11
opera/opera_browser 5.12
opera/opera_browser 6.0 (6 CPE variants)
opera/opera_browser 6.1 (2 CPE variants)
opera/opera_browser 6.01
opera/opera_browser 6.02
opera/opera_browser 6.03
... and 20 more
Published Dec 07, 2011
Tracked Since Feb 18, 2026