CVE-2013-1639

Currently unrated

Key Information:

Vendor: Opera
Status: Opera Browser
Vendor: CVE Published:; 8 February 2013

Summary

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

References

http://www.opera.com/docs/changelogs/unified/1213/

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-updates/2013-02/msg000...

vendor-advisoryx_refsource_SUSE

http://www.opera.com/support/kb/view/1045/

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 8, 2013
Vulnerability Reserved
Feb 8, 2013