> Opera Two Vulnerabilities
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Highly critical
> Cross Site Scripting, System access
> From remote
> Opera 5.x
> Opera 6.x
> Opera 7.x
> Opera 8.x
> Opera 9.x
> Two vulnerabilities have been reported in Opera, which can be
> exploited by malicious people to conduct cross-site scripting attacks
> and to compromise a user's system.
> 1) Opera may launch external email or newsgroup clients incorrectly.
> This can be exploited to execute arbitrary commands by e.g. visiting
> a malicious website.
> Successful exploitation requires that the user has configured an
> external email or newsgroup client.
> 2) An error when processing frames from different websites can be
> exploited to bypass the same-origin policy. This allows to overwrite
> functions of those frames and to execute arbitrary HTML and script
> code in a user's browser session in context of other sites.
> The vulnerabilities are reported in all versions of Opera for Desktop
> prior to version 9.24.
> Update to version 9.24.
> PROVIDED AND/OR DISCOVERED BY:
> 1) Michael A. Puls II
> 2) David Bloom
> ORIGINAL ADVISORY:
> 1) http://www.opera.com/support/search/view/866/
> 2) http://www.opera.com/support/search/view/867/