Opera Feed Source File Links Let Remote Users Determine if Local Files Exist
|
|
SecurityTracker Alert ID: 1020722
|
|
SecurityTracker URL: http://securitytracker.com/id?1020722
|
|
CVE Reference: CVE-2008-4199
(Links to External Site)
|
Updated: Aug 27 2009
|
Original Entry Date: Aug 20 2008
|
Impact: Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 9.52
|
Description: A vulnerability was reported in Opera. A remote user can determine if certain files exist on the target user's system.
A remote user can create HTML that, when loaded by the target user, will invoke links to feed source files on the target user's system to determine if the target file exists or not.
|
Impact: A remote user can determine if certain files exist on the target user's system.
|
Solution: The vendor has issued a fixed version (9.52).
The vendor's advisory is available at:
http://www.opera.com/support/search/view/896/
|
Vendor URL: www.opera.com/support/search/view/896/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (FreeBSD), UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 20 Aug 2008 17:20:31 -0400
Subject: Opera
|
http://www.opera.com/support/search/view/896/
|
|
