Opera 5.12/6.0 - Frame Location Same Origin Policy Circumvention

source: https://www.securityfocus.com/bid/4745/info

Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some versions of the Opera Browser.

It is possible to bypass the same origin policy in some versions of the Opera Browser. Javascript may modify the location property of an IFRAME or FRAME included in the document. If the location is set to a javascript: URL, the script code will execute within the context of the previous frame site.

<iframe name=foo src="www.sensitive.com"></iframe>
<script>foo.location="javascript:alert(document.cookie)";</script>