Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA27277] Opera Two Vulnerabilities



>
> TITLE:
> Opera Two Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA27277
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27277/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Cross Site Scripting, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Opera 5.x
> http://secunia.com/product/82/
> Opera 6.x
> http://secunia.com/product/81/
> Opera 7.x
> http://secunia.com/product/761/
> Opera 8.x
> http://secunia.com/product/4932/
> Opera 9.x
> http://secunia.com/product/10615/
>
> DESCRIPTION:
> Two vulnerabilities have been reported in Opera, which can be
> exploited by malicious people to conduct cross-site scripting attacks
> and to compromise a user's system.
>
> 1) Opera may launch external email or newsgroup clients incorrectly.
> This can be exploited to execute arbitrary commands by e.g. visiting
> a malicious website.
>
> Successful exploitation requires that the user has configured an
> external email or newsgroup client.
>
> 2) An error when processing frames from different websites can be
> exploited to bypass the same-origin policy. This allows to overwrite
> functions of those frames and to execute arbitrary HTML and script
> code in a user's browser session in context of other sites.
>
> The vulnerabilities are reported in all versions of Opera for Desktop
> prior to version 9.24.
>
> SOLUTION:
> Update to version 9.24.
> http://www.opera.com/download/
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Michael A. Puls II
> 2) David Bloom
>
> ORIGINAL ADVISORY:
> 1) http://www.opera.com/support/search/view/866/
> 2) http://www.opera.com/support/search/view/867/
>



 




Copyright © Lexa Software, 1996-2009.