Skip to main content

Opera Multiple Vulnerabilities

Last Update Date: 28 Mar 2012 10:30 Release Date: 28 Mar 2012 5233 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.

  1. An error when displaying the download dialog box within a small window can be exploited to download and execute a file by tricking a user into entering a specific keyboard sequence.
  2. An error when displaying the download dialog box can be exploited to overlay the box with other content subsequently tricking a user into downloading and executing a file.
  3. An error when handling history.state of sites implementing history.pushState and history.replaceState can be exploited to bypass the cross-domain policy restriction and disclose certain information to other sites.
  4. An error when displaying certain dialogs can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
  5. An error when handling redirects to a slowly responding, trusted site can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Opera 11.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 11.62.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link