SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
Opera May Disclose Scripting Error Messages to Remote Users
SecurityTracker Alert ID:  1023227
SecurityTracker URL:  http://securitytracker.com/id/1023227
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 23 2009
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.10
Description:   A vulnerability was reported in Opera. A remote user may be able to obtain certain error messages.

The browser may send scripting error messages as the contents of unrelated variables to sites other than the page that cause the error. The messages may include potentially sensitive information.

This can be exploited in certain cases to conduct cross-site scripting attacks.

Systems that have enabled stacktraces for exceptions (not the default setting) are affected.

Impact:   A remote user may be able to obtain certain error messages.
Solution:   The vendor has issued a fix (10.10).

The vendor's advisory is available at:

http://www.opera.com/support/kb/view/941/

Vendor URL:  www.opera.com/support/kb/view/941/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (FreeBSD), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC