Category Archives: advisory

Images can be read cross-domain with canvas – Opera Security Advisories

Severity: Less Severe. Problem Description: HTML CANVAS elements can use images as patterns, and that image data is made available to scripts. When the images are retrieved from other Web sites, the image data should no longer be available to scripts. A flaw exists in the way that Opera checks for the source of these images. Suitable…

Opera security upgrade for Mac OS X – Opera Security Advisories

Opera security upgrade for Mac OS X. Severity: Highly Severe. Affected Versions: Mac OS X system with the Opera Web browser and the Adobe Flash Player 9.0.47.0 and earlier installed. Problem Description: Opera 9.24 has a highly recommended security upgrade for users of the Adobe Flash Player 9.0.47.0 and earlier on Mac OS X. A security issue in Adobe Flash…

Scripts can overwrite functions on pages from other domains – Opera Security Advisories

Scripts can overwrite functions on pages from other domains. Severity: Highly Severe. Affected Versions: All versions of Opera for Desktop prior to Opera 9.24. Problem Description: When accessing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the…

External news readers and e-mail clients can be used to execute arbitrary code – Opera Security Advisories

External news readers and e-mail clients can be used to execute arbitrary code. Severity: Highly Severe. Affected Versions: All versions of Opera for Desktop prior to Opera 9.24. Problem Description: If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases…

A specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories

A specially crafted JavaScript can make Opera execute arbitrary code. Severity: Highly severe. Problem description: A virtual function call on an invalid pointer that may reference data crafted by the attacker can be used to execute arbitrary code. Opera’s response: Opera Software has released Opera 9.23, where this issue has been fixed. Credits: Thanks to Mozilla.org for providing their JavaScript fuzzer.

Opera’s HTTP authentication cuts off long server names at the end – Opera Security Advisories

Summary: Opera’s HTTP authentication dialog cuts off long server names at the right hand end. Severity: Less severe. Problem description: Opera’s HTTP authentication dialog is displayed when the user enters a Web page that requires a login name and a password. To inform the user which server it was that asked for login credentials, the dialog displays the server name. The user…

The createPattern function can reveal old data from random places in memory – Opera Security Advisories

Summary: The createPattern function can reveal old data from random places in memory. Severity: Moderately severe. Problem description: Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern can be read and analyzed by JavaScript, so an attacker can get…

data: URLs can spoof trusted sites – Opera Security Advisories

Summary: Opera displays certain data: URLs wrongly, enabling URL spoofing. Severity: Moderately severe. Problem description: data: URLs embed data inside them, instead of linking to an external resource. Opera can mistakenly display the end of a data URL instead of the beginning. This allows an attacker to spoof the URL of a trusted site. Opera’s response: Opera Software has released Opera 9.22 which has…

A malicious torrent can cause Opera to execute arbitrary code – Opera Security Advisories

Summary: A malicious torrent file can cause Opera to execute arbitrary code. Severity: High. Problem description: Removing a specially crafted torrent from the download manager can crash Opera. The crash is caused by an erroneous memory access. An attacker needs to entice the user to accept the malicious BitTorrent download, and later remove it from Opera’s download manager. To inject code, additional means will…

Malicious torrent files can execute arbitrary code in Opera – Opera Security Advisories

Summary: A malicious torrent file can cause Opera to execute arbitrary code. Severity: Highly critical. Problem description: A specially crafted torrent file can cause a buffer overflow in Opera. This allows arbitrary code to be injected and executed. The overflow happens when the user right-clicks on the torrent entry in the transfer manager. Simply clicking on the torrent link will not trigger this…