Opera Multiple Vulnerabilities
Last Update Date:
1 Feb 2011
Release Date:
28 Jan 2011
6199
Views
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Opera, which could be exploited by remote attackers to gain knowledge of sensitive information, perfom unauthorized actions, or compromise a vulnerable system.
- An integer truncation error when handling large form inputs, which could be exploited to execute arbitrary code via a malicious web page.
- An error when handling internal "opera:" URLs, which could allow clickjacking attacks.
- An error when handling certain HTTP responses and redirections, which could allow malicious web pages to load files from a vulnerable system as web page resources.
- Due to passwords not being deleted immediately when using "Delete Private Data" and selecting the option to "Clear all email account passwords".
- An error when displaying a downloaded file in its folder, which could allow attackers to execute arbitrary code but requires very significant user interaction.
- An error when handling "javascript:" URLs in CSS -o-link values.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Opera version 11.00 and prior
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to Opera version 11.01 :
http://www.opera.com/download/
Vulnerability Identifier
- No CVE information is available
Source
Related Link
- http://www.opera.com/docs/changelogs/windows/1101/
- http://www.opera.com/support/kb/view/982/
- http://www.opera.com/support/kb/view/983/
- http://www.opera.com/support/kb/view/984/
- http://www.opera.com/support/kb/view/985/
- http://www.opera.com/support/kb/view/986/
- http://www.vupen.com/english/advisories/2011/0231
- http://www.secunia.com/advisories/43023/
Share with