SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
Opera Feed Source File Links Let Remote Users Determine if Local Files Exist
SecurityTracker Alert ID:  1020722
SecurityTracker URL:  http://securitytracker.com/id/1020722
CVE Reference:   CVE-2008-4199   (Links to External Site)
Updated:  Aug 27 2009
Original Entry Date:  Aug 20 2008
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.52
Description:   A vulnerability was reported in Opera. A remote user can determine if certain files exist on the target user's system.

A remote user can create HTML that, when loaded by the target user, will invoke links to feed source files on the target user's system to determine if the target file exists or not.

Impact:   A remote user can determine if certain files exist on the target user's system.
Solution:   The vendor has issued a fixed version (9.52).

The vendor's advisory is available at:

http://www.opera.com/support/search/view/896/

Vendor URL:  www.opera.com/support/search/view/896/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (FreeBSD), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC