web application security lab

Cheat Sheet Updated For Opera 9

Whelp, I finally found enough time to go through and test for Opera 9 and update the Cross Site Scripting Cheat Sheet thanks to help by Kanedaaa. Instead of it taking 4-6 hours it only took 2, thanks to him - so big thanks there!

The biggest thing to note was a change to the remote style sheet part 3 vector. Previously only Opera was vulnerable to it, and apparently they’ve fixed that. It’s a good thing because it wasn’t RFC compliant anyway.

For the most part Opera remains unchanged as far as vulnerability to XSS as a whole. It’s still pretty good, but hasn’t improved wildly over the last major revision. Thanks again to Kanedaaa, as I really just needed a kick to start on it. Next I have to test Firefox 2.0. I pretty much already have, but that’ll probably have to wait until the weekend when I have more time.

4 Responses to “Cheat Sheet Updated For Opera 9”

  1. maluc Says:

    thanks for keeping it up to date, really helps to have it all in one place. keep it up..

    -maluc

  2. pdp Says:

    What can I say… very good work.

  3. Kyo Says:

    Nice, nice, but why take out the results for the Old version?

  4. RSnake Says:

    Well I don’t really want to keep versions up there unless there’s a reason to. Most people tend to upgrade and the differences between Opera 8 and Opera 9 represent only two attack vectors. The only reason I’m keeping versions around for Internet Explorer is because IE7.0 isn’t completely deployed yet.

    Why, do you see some practical reason to keep it around?