Skip to main content

Opera Browser Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 18 Dec 2008 5311 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Opera, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system.

1. A buffer overflow error when handling certain text-area contents, which could be exploited to execute arbitrary code.

2. A memory corruption error when processing certain HTML constructs, which could be exploited to cause a crash or execute arbitrary code.

3. An input validation error in the feed preview feature when processing URLs, which could be exploited to inject malicious script.

4. An error in the built-in XSLT templates that incorrectly handle escaped content, which could be exploited to inject scripted markup.

5. An unspecified error which could be exploited to reveal random data.

6. An error when processing SVG images embedded using "img" tags, which can be exploited to execute Java or plugin content.


Impact

  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Opera versions prior to 9.63

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier

  • No CVE information is available

Source


Related Link