SecurityTracker.com
SecurityTracker Archives

Category:   Application (Web Browser)  >   Opera
Vendors:   Opera Software
Opera Bugs Let Remote Users Obtain Information and Execute Arbitrary Code
SecurityTracker Alert ID:  1025011
SecurityTracker URL:  http://securitytracker.com/id/1025011
CVE Reference:   CVE-2011-0450
Date:  Jan 28 2011
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 11.01
Description:   Several vulnerabilities were reported in Opera. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information.

A remote user can create specially crafted HTML containing large form inputs that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. Jordi Chancel reported this vulnerability.

A remote user can create a specially crafted URL that, when loaded by the target user, will modify the Opera configuration to bypass certain restrictions intended to prevent clickjacking attacks.

A remote user can send specially crafted HTTP responses and redirections to obtain elevated privileges on the target user's browser and then load files from the target user's system.

The "Clear all email account passwords" function of the "Delete Private Data" feature does not immediately delete passwords, allowing the passwords to be used until the browser is restarted.

A remote user can cause the downloads manager to use an arbitrary executable when attempting to show the folder view [CVE-2011-0450]. Microsoft Windows-based systems are affected. Makoto Shiotsuki reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target user's system.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (11.01).

The vendor's advisories are available at:

http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://www.opera.com/support/kb/view/985/
http://www.opera.com/support/kb/view/986/

Vendor URL:  www.opera.com/support/kb/view/982/
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]

