Opera Multiple Vulnerabilities
Last Update Date:
28 Mar 2012 10:30
Release Date:
28 Mar 2012
6327
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.
- An error when displaying the download dialog box within a small window can be exploited to download and execute a file by tricking a user into entering a specific keyboard sequence.
- An error when displaying the download dialog box can be exploited to overlay the box with other content subsequently tricking a user into downloading and executing a file.
- An error when handling history.state of sites implementing history.pushState and history.replaceState can be exploited to bypass the cross-domain policy restriction and disclose certain information to other sites.
- An error when displaying certain dialogs can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
- An error when handling redirects to a slowly responding, trusted site can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Spoofing
System / Technologies affected
- Opera 11.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 11.62.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with