Category Archives: advisory

Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories

Summary: Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure.
Severity: Moderately severe
Opera’s Response: Opera Software has released Opera 10.00, where this issue has been fixed.

Random number generator and input name linebreaks can be used to send custom data to other sites – Opera Security Advisories

Severity: Moderately severe
Problem description: Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the receiving…

Specially crafted JPEG images can be used to execute arbitrary code – Opera Security Advisories

Severity: Extremely Severe
Problem Description: Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code.
Opera’s Response: Opera Software has released Opera 9.64, where this issue has been fixed.
Credits: Thanks to Tavis Ormandy of the Google Security Team for reporting this issue to…

TLS certificates can be used to execute arbitrary code – Opera Security Advisories

Severity: Highly Severe
Problem Description: When connecting to a TLS-protected website, Opera parses the X.509 certificate. If a site uses a specially crafted Subject Alternative Name in the certificate, it can cause Opera to crash. To inject code, additional means will have to be employed.
Opera’s Response: Opera Software has released Opera 9.25, where this…

Certain characters can be used to allow cross-site scripting – Opera Security Advisories

Severity: Highly Severe
Problem Description: When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot contain scripts. If the content is to be used inside an HTML attribute, characters that separate attributes need to be filtered out to prevent scripted attributes from being created. Due…

Vulnerability in createSVGTransformFromMatrix (JavaScript, SVG) – Opera Security Advisories

Summary: A vulnerability in createSVGTransformFromMatrix Object Typecasting can crash Opera.
Severity: Moderate
Problem description: Passing an incorrect object to createSVGTransformFromMatrix can crash Opera and enable arbitrary code execution. Users who have disabled JavaScript are not affected.
Opera’s response: Opera has released version 9.10, where this flaw has been corrected.
Credits: Thanks to iDefense Labs for notifying Opera Software about this…