Opera Browser May Let Remote Users Obfuscate the Download Dialog Box
|
|
SecurityTracker Alert ID: 1015353
|
|
SecurityTracker URL: http://securitytracker.com/id?1015353
|
|
CVE Reference: CVE-2005-2407
(Links to External Site)
|
Date: Dec 13 2005
|
Impact: Execution of arbitrary code via network, Modification of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Secunia Research
|
Version(s): 8.01
|
Description: A vulnerability was reported in Opera. A remote user may be able to cause arbitrary files to be downloaded to the target user's system or executed by the target user.
The browser does not properly process user mouse clicks in new browser windows. A remote user can create HTML that, when loaded
by the target user, will obfuscate the file download dialog box and potentially cause the target user to execute the downloaded
file. Some user interaction is required.
The vendor was notified on June 26, 2005.
Jakob Balle of Secunia Research discovered
this vulnerability.
The original advisory is available at:
http://secunia.com/secunia_research/2005-21/advisory/
|
Impact: A remote user can cause files to be downloaded to the target user's system.
A remote user can cause arbitrary code to be executed by the target user.
|
Solution: The vendor has issued a fixed version (8.02), available at:
http://www.opera.com/download/
|
Vendor URL: www.opera.com/ (Links to External Site)
|
Cause: State error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 13 Dec 2005 16:40:35 -0500
Subject: Opera vulnerability
|
http://secunia.com/secunia_research/2005-21/advisory/
CVE-2005-2407
|
|
