Opera Browser Code Execution and Security Bypass Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Opera, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system.
1. A buffer overflow error when handling certain text-area contents, which could be exploited to execute arbitrary code.
2. A memory corruption error when processing certain HTML constructs, which could be exploited to cause a crash or execute arbitrary code.
3. An input validation error in the feed preview feature when processing URLs, which could be exploited to inject malicious script.
4. An error in the built-in XSLT templates that incorrectly handle escaped content, which could be exploited to inject scripted markup.
5. An unspecified error which could be exploited to reveal random data.
6. An error when processing SVG images embedded using "img" tags, which can be exploited to execute Java or plugin content.
Impact
- Denial of Service
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Opera versions prior to 9.63
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to Opera version 9.63 :
http://www.opera.com/download/get.pl?id=31941&thanks=true?=true
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with