Vulnerability Description
The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opera | Opera Browser | <= 11.60 |
Related Weaknesses (CWE)
References
- http://www.opera.com/docs/changelogs/mac/1160/
- http://www.opera.com/docs/changelogs/unix/1160/
- http://www.opera.com/docs/changelogs/windows/1160/
- http://www.opera.com/support/kb/view/1005/Vendor Advisory
- http://www.opera.com/docs/changelogs/mac/1160/
- http://www.opera.com/docs/changelogs/unix/1160/
- http://www.opera.com/docs/changelogs/windows/1160/
- http://www.opera.com/support/kb/view/1005/Vendor Advisory
FAQ
What is CVE-2011-4682?
CVE-2011-4682 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different we...
How severe is CVE-2011-4682?
CVE-2011-4682 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4682?
Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser.