Multiple vulnerabilities in Opera Web browser versions earlier than 12.10
Release date:
Updated on:
Affected Systems:
Opera Software Opera Web Browser 12.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56407
Opera provides free Web browsers for computers, mobile phones, and devices.
Versions earlier than Opera Web Browser 12.10 have cross-site scripting, remote code execution, cross-domain information leakage, and multiple unknown details vulnerabilities, attackers can exploit these vulnerabilities to execute arbitrary code, leak sensitive information, or execute arbitrary script code in the user's browser of the affected site, which may steal Cookie authentication creden.
1) unknown details exist when processing CORS requests. Attackers can bypass the same-origin policy and leak sensitive information from other domains.
2) errors in Data URI processing can be exploited to execute cross-site scripting (XSS) attacks.
3) when processing SVG images, errors may occur and arbitrary code can be executed.
<* Source: Gareth Heyes
Link: http://secunia.com/advisories/51183/
Http://www.opera.com/docs/changelogs/unified/1210/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Opera Software
--------------
Update to 12.10
Link: http://www.opera.com/docs/changelogs/unified/1210/