Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA28169] Opera Multiple Vulnerabilities
> ----------------------------------------------------------------------
>
> TITLE:
> Opera Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA28169
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28169/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Security Bypass, Exposure of sensitive information, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Opera 5.x
> http://secunia.com/product/82/
> Opera 6.x
> http://secunia.com/product/81/
> Opera 7.x
> http://secunia.com/product/761/
> Opera 8.x
> http://secunia.com/product/4932/
> Opera 9.x
> http://secunia.com/product/10615/
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Opera, which can be
> exploited by malicious people to bypass certain security
> restrictions, disclose sensitive information, and compromise a user's
> system.
>
> 1) An unspecified error can be exploited via certain plugins to
> conduct cross-domain scripting attacks.
>
> 2) An unspecified error within the processing of TLS certificates can
> be exploited to execute arbitrary code.
>
> 3) An unspecified error within Rich text editing when using
> designMode can be exploited to conduct cross-domain scripting
> attacks.
>
> 4) An unspecified error within the processing of bitmaps can be
> exploited to disclose the contents of random memory areas.
>
> The vulnerabilities are reported in versions prior to 9.25.
>
> SOLUTION:
> Update to version 9.25.
> http://www.opera.com/download/
>
> PROVIDED AND/OR DISCOVERED BY:
> 1, 3) The vendor credits David Bloom.
> 2) The vendor credits Alexander Klink, Cynops GmbH.
> 4) The vendor credits Gynvael Coldwind.
>
> ORIGINAL ADVISORY:
> http://www.opera.com/docs/changelogs/windows/925/#security
> http://www.opera.com/support/search/view/875/
>
|
