Skip to main content

Posts

Showing posts from 2019

U-XSS in OperaMini for iOS Browser (0-Day) [CVE-2019-13607]

TL;DRThe latest version (16.0.14) of Operamini for iOS browser is affected by an Universal-XSS vulnerability which can be triggered by performing navigation from target domain to attacker controlled domain. When attacker controlled domain returns "javascript:code_here" in "location" header then browser executes the javascript code in the context of target domain instead of attacker domain. This vulnerability is yet not fixed by Opera team. 
Update [15 July 2019] : CVE-2019-13607 is assigned to this vulnerability.

So while playing with Operamini browser I noticed that when a navigation to "javascript" protocol occurs via "location" header then browser executes the provided javascript code.
For example if the value of "location" header is "javascript:alert()" then javascript code "alert()" gets executed by the browser. Normally browsers prevent navigation to "javascript:" URLs initiated via "location&quo…