CVE-2009-2351

Name of the Vulnerable Software and Affected Versions Opera versions 9.52 and earlier Opera version 10.00 Beta 3 Build 1699

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting or specifying the content of a Refresh header in HTTP responses. This is due to the failure to block javascript: URIs in Refresh headers.

Recommendations For Opera versions 9.52 and earlier, update to a version later than 9.52 to resolve the issue. For Opera version 10.00 Beta 3 Build 1699, consider disabling the handling of Refresh headers in HTTP responses until a patch is available.