Release date:
Updated on:
Affected Systems:
Opera Software Opera Mobile for Android 11.1 update 1
Opera Software Opera Mobile for Android 11.1
Unaffected Systems:
Opera Software Opera Mobile for Android 11.1 update 2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49702
Opera Mobile for Android is a mobile browser.
Opera Mobile for Android has a cache poisoning vulnerability when processing certain files. Remote attackers can exploit this vulnerability to obtain sensitive information or corrupt Web cache files, and can carry out cross-site scripting attacks by injecting JavaScript code into any domain.
The permissions on its cache files are insecure:
* The cache metadata file (dcache4.url) is world-readable and world-writable.
* The cached data itself is also world-readable and world-writable.
Therefore, third-party applications can access the Opera Mobile cache, which breaks the Android sandbox model.
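A defender's check for the permission problem described above, as an added example that is not from the advisory or from Opera: it audits a directory tree for entries that other users can read or write, then strips those bits. Only the file name dcache4.url comes from the advisory; the directory layout, the other file names and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_world_access(root):
    """Return {relative_path: "r"/"w"/"rw"} for entries under root open to 'other'."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # mode bits on a symlink itself are not meaningful
            flags = ("r" if mode & stat.S_IROTH else "") + ("w" if mode & stat.S_IWOTH else "")
            if flags:
                findings[os.path.relpath(path, root)] = flags
    return findings

def harden(root):
    """Strip every 'other' permission bit from each flagged entry; return what changed."""
    changed = []
    for rel in sorted(audit_world_access(root)):
        path = os.path.join(root, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~stat.S_IRWXO)
        changed.append(rel)
    return changed

def build_sample_cache(root):
    """Constructed sample layout; only the name dcache4.url is taken from the advisory."""
    cache = os.path.join(root, "cache")
    os.mkdir(cache, 0o755)
    samples = {"dcache4.url": 0o666, "entry0001.tmp": 0o666, "private.dat": 0o600}
    for name, mode in samples.items():
        path = os.path.join(cache, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.chmod(path, mode)  # chmod after creation so the umask cannot mask the bits
    return cache

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cache = build_sample_cache(tmp)
        print("before:", audit_world_access(cache))
        print("fixed: ", harden(cache))
        print("after: ", audit_world_access(cache))
```

The same audit can be pointed at any application data directory copied off a test device; files that should stay private to one application should show no findings.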
<* Source: Roee Hay
Link: http://blog.watchfire.com/files/advisory-opera-cp-xas.pdf
http://my.opera.com/operamobile/blog/2011/09/13/android-11-1-update-2-ready-for-download
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Opera Software
--------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.opera.com/support/