Cross-Origin Resource Sharing Flaw in Opera Browser
CVE-2013-1639

Currently unrated

Key Information:

Vendor: Opera
Status: Opera Browser
Vendor: CVE Published:; 8 February 2013

Summary

A security issue in Opera prior to version 12.13 enables remote attackers to circumvent the Cross-Site Request Forgery (CSRF) protection mechanism. The vulnerability arises from the browser's failure to issue necessary CORS preflight requests in specific scenarios, allowing potential exploitation through malicious web pages that trigger unauthorized CORS requests.

References

http://www.opera.com/docs/changelogs/unified/1213/

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-updates/2013-02/msg000...

vendor-advisoryx_refsource_SUSE

http://www.opera.com/support/kb/view/1045/

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 8, 2013
Vulnerability Reserved
Feb 8, 2013