Paid Advertising
web application security lab

Opera Vulnerable to Hex Tabs In JavaScript Directives

Moritz Naumann alerted me to the fact that Opera is in fact still vulnerable to embedded encoded tabs in JavaScript Directives. For some reason I had marked this as not a valid vector (some testing along the way went awry). It’s interesting that any modern browsers are still vulnerable to this.

For those of you who weren’t watching while all this was going down, Internet Explorer removed the usability of JavaScript directive from images and Firefox never supported it. So of all the modern browsers only Opera 9.x is still vulnerable to this form of obfuscation. Thanks, Moritz! Good catch!

One Response to “Opera Vulnerable to Hex Tabs In JavaScript Directives”

  1. Kyran Says:

    Hm, this is interesting. Nice one.

    /runs off to notify Opera Devs.