Category Archives: advisory

Information displayed in the security field should be approached with caution. – Opera Security Advisories

Summary: Even though a Certificate Authority has verified and signed it, a user should not trust the Organization name without checking the domain name. A fraudulent site can carry a misleading Organization name. Severity: Low. Problem description: A secure site is served over an encrypted connection, and has a digital certificate that has been verified and signed by a trusted third party (TTP),…

Data URLs with executables and misleading download dialog – Opera Security Advisories

Severity: Moderate. Summary: A data URL (RFC 2397) containing an executable file may cause Opera to mislead the user. Opera’s download dialog will in some cases say “Open with NOTEPAD.EXE”. But clicking “Open” will run the executable. Problem description: The data URL scheme allows authors to embed binary files, instead of using links to external files. Data URLs containing file types that Opera can…

Vulnerability in Opera’s use of kfmclient – Opera Security Advisories

Severity: Moderate. Since version 7.50, Opera for Linux has offered the user a new way to open files which Opera can not open itself: “Open with kfmclient”. This feature can be exploited to run malicious code on the user’s computer. Problem description: The kfmclient is a part of the KDE desktop environment. It inspects the file given to it to determine its…

Opera security advisory 2004-12-10 – Opera Security Advisories

Opera security advisory Named frames or windows can be hi-jacked by malicious frames or windows. Periods in the file name and non-breaking spaces in the Content-Type header can make the save/open dialog misleading. A user may be convinced that an executable file is something else, for example a PDF document. Applets have access to sun.*…

Opera not vulnerable to JPEG processing vulnerability in Microsoft’s GDI+ library – Opera Security Advisories

Opera is not vulnerable to the JPEG processing vulnerability in Microsoft’s GDI+ library. Details: Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+). Vulnerable browser: MS Internet Explorer. Example image (crashes MSIE): http://sylvana.net/test/AP4.jpg The Opera Web browser is not vulnerable to this exploit, because Opera uses another JPEG decoder, built into Opera itself. Opera does not use…

Very large link addresses can cause Opera to crash – Opera Security Advisories

Summary: Very large link addresses can cause Opera to crash. Severity: Moderate. Problem description: An extremely long link address can cause Opera to crash. A specially crafted long link could cause malicious code to be run on the user’s computer. Opera’s response: Release 9.02 is not affected by this, and Opera Software recommends users with earlier versions to upgrade. Credits: Thanks to iDefense Labs for…

A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories

Summary: A forged SSL server certificate can be accepted by Opera as a valid certificate. Severity: Highly critical. Vulnerable versions: Opera for desktop computers, Opera for Windows Mobile, and other versions of Opera that use OpenSSL. See opera:about for information about third-party libraries. Problem description: A specially crafted digital certificate can bypass Opera’s certificate signature verification. Forged certificates can contain any…

A very large href attribute value in HTML can crash Opera – Opera Security Advisories

Summary: A very large href attribute value in a Web page can crash Opera. Severity: Not a security issue. Problem description: A Web page containing a very large href attribute value can cause Opera to crash. This exploit causes Opera to access the wrong location in memory, so Opera is forced to quit. It is not possible to exploit this to run arbitrary code. Opera’s…

(Updated) Specially crafted JPEG images enables the execution of arbitrary code. – Opera Security Advisories

Summary: A specially crafted JPEG image can enable the execution of arbitrary code. Severity: Critical. Affected versions: Versions prior to 9.0 of Opera for Microsoft Windows and Mac OS X. Not affected: Opera for Linux, FreeBSD and Solaris. Problem description: A specially crafted JPEG image header can trick Opera into allocating the wrong amount of memory for the image. This can make Opera crash, or…

The link tooltip and the statusbar can be misleading – Opera Security Advisories

Summary: Opera’s status bar shows the “title” attribute of a form input image, not the form’s “action” URL. This may mislead the user. Severity: Very low. Problem description: It is possible to make a form input that looks like an image link. If the form input has a “title” attribute, the status bar will show the “title”. A “title” which looks like…