Skip to main content

Opera Browser Remote Code Execution and Spoofing Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 29 Oct 2009 5439 Views

RISK: Medium Risk

Three vulnerabilities have been identified in Opera, which could be exploited by remote attackers to bypass security restrictions, spoof or gain knowledge of certaine information, or compromise a vulnerable system.

1. A memory corruption error when processing malformed domain names, which could lead to execution of arbitrary code via a specially crafted web page.

2. Input validation errors in the feed subscription page when processing certain scripts, which could allow automatic subscription of feeds, or reading other feeds.

3. An unspecified error within the handling of Web fonts while rendering parts of the user interface, which could allow a malicious web site to display a fake domain name in the address field.


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Opera versions prior to 10.01

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Opera version 10.01 :
http://www.opera.com/browser/


Vulnerability Identifier

  • No CVE information is available

Source


Related Link