Opera Content-Type HTML File Execution Vulnerability


Opera does not properly handle files based on the Content-Type specified. If HTML tags are included in the body of a file, Opera will not handle the file according to the Content-Type. For example: A file has the Content-Type text/plain and contains HTML tags in the file, Opera will execute the file as a HTML type rather than a text file.


It is possible to create a malicious web page containing arbitrary script code. When a legitimate user browses the malicious page, the script code could be executed in the user's browser.

Remote:Yes

Exploit: No exploit code is required to take advantage of this issue.

Vulnerable: Opera Software Opera Web Browser 6.0.1win32