Category Archives: advisory

Malicious WMF files stored in Opera’s cache can infect Windows – Opera Security Advisories

Summary: Windows Meta Files (.wmf) can contain executable code. A specially crafted WMF file can infect Microsoft Windows with malicious software when it is opened with Windows’ own WMF parser. Opera itself is not affected, but if vulnerable programs open WMF files in Opera’s cache, they can be infected. Severity: High. Problem description: WMF files stored in Opera’s cache can be read…

A very long title in a web page can cause a crash on startup – Opera Security Advisories

Summary: A web page with an extremely long <title> attribute can cause Opera to crash when certain conditions are met. It affects Windows users with Input Method Editor (IME) installed. Severity: Medium. Problem description: If a Windows user with Input Method Editor (IME) installed bookmarks a page with an extremely long <title> element, Opera will crash upon next startup. Opera will not recover from…

Combinations of right-to-left text and negative margins can crash Opera – Opera Security Advisories

Summary: Combinations of right-to-left text and negative margins in HTML code can crash Opera. Severity: Not a security issue. Problem description: Right-to-left scripts, for example Arabic, are handled by the so-called “bidi” (bidirectional text) support in Opera. Bidi allows left-to-right and right-to-left scripts to be combined in the same document, even on the same line. A negative margin value inside a block containing right-to-left…

Specially crafted Java applets can crash Opera – Opera Security Advisories

Summary: A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable. Problem description: Java code using LiveConnect methods to remove a property of a JavaScript object may in some cases use null pointers that can make Opera crash. This crash is not exploitable and such code is rare on the web. Opera’s response: Opera Software has released version 8.51, where this…

Opera may execute command line embedded in URLs – Opera Security Advisories

Summary: Opera will execute command lines embedded in the URL when another program uses Opera to open a link. This affects UNIX versions of Opera (Linux/FreeBSD/Solaris). Severity: High. Problem description: Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs…

Malicious setRequestHeader cross-site vulnerability – Opera Security Advisories

Summary: A malicious setRequestHeader can be used to steal user credentials and inject cross-site JavaScript. Severity: high. Opera’s response: Since version 8.02 of Opera, double newlines or a single newline not followed by a space are removed. Users with a version older than 8.02 should upgrade to the most recent version of Opera. Credits: Thanks to Yutaka OIWA for reporting this issue.

Internationalized domain names (IDN) can be used for spoofing. – Opera Security Advisories

Summary: Opera supports internationalized domain names (IDN), which allows, for example, Russian or Chinese domain names to be written in their own native scripts. However, this also makes it possible to have domain names that look exactly the same as known, legitimate domain names while actually being written in a different script. Such possibilities can be used for fraud. Problem description: Since 2003 domain…

Phishing attack possible with a delayed JavaScript prompt – Opera Security Advisories

Severity: Moderate/low. Problem description: A malicious page can be crafted to send the user to his banking site, and shortly afterwards display a dialog enticing the user to type in his bank login credentials. The dialog will appear in front of the banking page, while the window it really belongs to will be hidden. If the timing and context are right, the message displayed…