Opera Browser Remote Code Execution and Spoofing Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 29 Oct 2009 5298 Views

RISK: Medium Risk

Medium Risk

Three vulnerabilities have been identified in Opera, which could be exploited by remote attackers to bypass security restrictions, spoof or gain knowledge of certaine information, or compromise a vulnerable system.

1. A memory corruption error when processing malformed domain names, which could lead to execution of arbitrary code via a specially crafted web page.

2. Input validation errors in the feed subscription page when processing certain scripts, which could allow automatic subscription of feeds, or reading other feeds.

3. An unspecified error within the handling of Web fonts while rendering parts of the user interface, which could allow a malicious web site to display a fake domain name in the address field.

Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Opera versions prior to 10.01

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Opera version 10.01 :
http://www.opera.com/browser/

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Novell eDirectory HTTP Request Remote Buffer Overflow Vulnerability

28 Oct 2009 5242 Views

Next

Mozilla SeaMonkey Code Execution and Spoofing Vulnerabilities

29 Oct 2009 5249 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY