Severity Moderately Severe Problem Description Specially malformed bitmap images can cause Opera to render the image using a palette made up from uninitialized memory. Using canvas, the pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user’s memory, which may contain data. Opera’s Response Opera Software has…
Problem Description Rich editing using designMode allows page contents to be edited. Pages can use this ability to inject scripts into pages from other domains. This allows cross domain scripting. Opera’s Response Opera Software has released Opera 9.25, where this issue has been fixed. Credits Thanks to David Bloom for reporting this issue to Opera…
Severity Moderate Problem description Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own character encoding.A malicious page that uses the UTF-7 character encoding can includeother sites, for example inside iframes. This can be exploited toperform cross-site scripting on certain sites, allowing the attackerto get access to…
Severity Highly Severe Problem Description Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the security…
Severity Highly Severe Problem Description When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may…
Severity Highly Severe Problem Description Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it. Opera’s Response…
Severity Extremely Severe Problem Description Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed. Opera’s Response Opera Software has released Opera 9.63, where this issue has been fixed. Credits Thanks to Alexios Fakos for reporting this issue to Opera…
Severity Extremely Severe Problem Description Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code. Opera’s Response Opera Software has released Opera 9.63, where this issue has been fixed. Credits Thanks to Red XIII for reporting this issue to Opera Software.
Severity: Less Severe Problem Description: Pages from different sources held on the same parent page should not be able to modify the locations of each other. In affected Opera versions, if a page contains frames from both a trusted but not secured, and an untrusted source, the untrusted page is able to replace the contents of a…
Severity: Less SevereProblem DescriptionWhen a page address contains certain characters, they can cause the page address text to be misplaced. In some cases, this could make characters be indistinguishable from each other, allowing some site addresses to look like other site addresses.Opera’s ResponseOpera Software has released Opera 9.26, where this issue has been fixed.CreditsThanks to…
