JVN#39157969
Third-party cookie issue in Opera
Overview
Opera contains an issue in which third-party cookies are not handled properly.
Products Affected
- Opera 9.64 and earlier
Description
Opera contains an issue in which third-party cookies are not handled properly. Please note that this issue only occurs when the user changes the setting for "Accept only cookies from the site I visit" from the default installation of Opera.
Impact
A remote attacker may be able to trace an user's activity on the web.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Opera |
Opera 10 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2009.09.17
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Routed - can be attacked over the Internet using packets |
|
| Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | Complex - the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious |
|
| Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) |
|
Credit
Hideki Sakamoto of Tsukuba Secure Network Research Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2009-000061 |