First published: Wed Dec 07 2011(Updated: )
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opera | =7.01 | |
Opera | =9.27 | |
Opera | =7.23 | |
Opera | =9.50-beta1 | |
Opera | =9.02 | |
Opera | =10.53-b | |
Opera | =7.03 | |
Opera | =10.10 | |
Opera | =11.50-alpha | |
Opera | =7.53 | |
Opera | =8.50 | |
Opera | =9.50 | |
Opera | =11.10-alpha | |
Opera | =9.24 | |
Opera | =11.50 | |
Opera | =5.0-beta2 | |
Opera | =10.61 | |
Opera | =5.11 | |
Opera | =9.63 | |
Opera | =6.1 | |
Opera | =7.20 | |
Opera | =6.02 | |
Opera | =9.51 | |
Opera | =5.02 | |
Opera | =10.00 | |
Opera | =9.26 | |
Opera | =10.50 | |
Opera | =5.10 | |
Opera | =8.53 | |
Opera | =9.12 | |
Opera | =7.11-beta2 | |
Opera | =8.0 | |
Opera | =10.62 | |
Opera | =11.50-beta | |
Opera | =10.00-beta3 | |
Opera | =6.04 | |
Opera | =8.54 | |
Opera | =11.00-alpha | |
Opera | =6.11 | |
Opera | =5.0-beta4 | |
Opera | =6.05 | |
Opera | =8.02 | |
Opera | =9.20 | |
Opera | =7.50-beta1 | |
Opera | =5.12 | |
Opera | =11.52 | |
Opera | =9.21 | |
Opera | <=11.60 | |
Opera | =11.51 | |
Opera | =7.10 | |
Opera | =9.0-beta1 | |
Opera | =6.0-tp3 | |
Opera | =9.23 | |
Opera | =6.0-tp1 | |
Opera | =8.0-beta3 | |
Opera | =11.10-beta | |
Opera | =10.60-beta1 | |
Opera | =5.0-beta8 | |
Opera | =10.52 | |
Opera | =10.51 | |
Opera | =9.60 | |
Opera | =7.0-beta1_v2 | |
Opera | =10.54 | |
Opera | =8.51 | |
Opera | =5.0-beta5 | |
Opera | =7.50 | |
Opera | =7.02 | |
Opera | =7.21 | |
Opera | =6.0-tp2 | |
Opera | =5.0-beta7 | |
Opera | =10.50-beta1 | |
Opera | =7.20-beta7 | |
Opera | =7.54-update1 | |
Opera | =9.64 | |
Opera | =9.20-beta1 | |
Opera | =10.53 | |
Opera | =7.60 | |
Opera | =7.11 | |
Opera | =11.00-beta | |
Opera | =7.0-beta2 | |
Opera | =7.54 | |
Opera | =9.0-beta2 | |
Opera | =6.03 | |
Opera | =7.0-beta1 | |
Opera | =11.01 | |
Opera | =9.22 | |
Opera | =6.0-beta1 | |
Opera | =9.01 | |
Opera | =9.0 | |
Opera | =5.0 | |
Opera | =9.25 | |
Opera | =7.51 | |
Opera | =8.0-beta2 | |
Opera | =9.10 | |
Opera | =10.00-beta1 | |
Opera | =9.50-beta2 | |
Opera | =6.12 | |
Opera | =9.60-beta1 | |
Opera | =9.62 | |
Opera | =10.00-beta2 | |
Opera | =6.0-beta2 | |
Opera | =5.0-beta3 | |
Opera | =6.01 | |
Opera | =8.52 | |
Opera | =10.50-beta2 | |
Opera | =6.06 | |
Opera | =10.60 | |
Opera | =7.52 | |
Opera | =7.54-update2 | |
Opera | =5.0-beta6 | |
Opera | =8.01 | |
Opera | =6.1-beta1 | |
Opera | =10.63 | |
Opera | =10.10-beta1 | |
Opera | =9.61 | |
Opera | =10.01 | |
Opera | =9.52 | |
Opera | =8.0-beta1 | |
Opera | =11.00 | |
Opera | =6.0 | |
Opera | =7.22 | |
Opera | =7.10-beta1 | |
Opera | =7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-4682 has been classified as a high-severity vulnerability due to its ability to bypass the Same Origin Policy.
CVE-2011-4682 allows remote attackers to bypass the Same Origin Policy by exploiting improper implementation of the 'in' operator in the JavaScript engine.
To fix CVE-2011-4682, ensure that Opera is updated to version 11.60 or newer.
CVE-2011-4682 affects multiple versions of Opera browsers prior to 11.60.
Users of affected versions of Opera may be vulnerable to cross-site scripting attacks due to the vulnerability.