Secunia Advisory: SA27277
Release Date: 2007-10-17
Critical: Highly critical
Impact: Cross Site Scripting
System access
Where: From remote
Solution Status: Vendor Patch
Software:
Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS!
Description:
Two vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to compromise a user's system.
1) Opera may launch external email or newsgroup clients incorrectly. This can be exploited to execute arbitrary commands by e.g. visiting a malicious website.
Successful exploitation requires that the user has configured an external email or newsgroup client.
2) An error when processing frames from different websites can be exploited to bypass the same-origin policy. This allows to overwrite functions of those frames and to execute arbitrary HTML and script code in a user's browser session in context of other sites.
The vulnerabilities are reported in all versions of Opera for Desktop prior to version 9.24.
Secunia has constructed the Online Software Inspector, which you can use to check if your local system is vulnerable. If you wish to scan your corporate network, then please refer to the Network Software Inspector.
Solution:
Update to version 9.24.
http://www.opera.com/download/
Bollettino di Sicurezza
Release Date: 2007-10-17
Critical: Highly critical
Impact: Cross Site Scripting
System access
Where: From remote
Solution Status: Vendor Patch
Software:
Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS!
Description:
Two vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to compromise a user's system.
1) Opera may launch external email or newsgroup clients incorrectly. This can be exploited to execute arbitrary commands by e.g. visiting a malicious website.
Successful exploitation requires that the user has configured an external email or newsgroup client.
2) An error when processing frames from different websites can be exploited to bypass the same-origin policy. This allows to overwrite functions of those frames and to execute arbitrary HTML and script code in a user's browser session in context of other sites.
The vulnerabilities are reported in all versions of Opera for Desktop prior to version 9.24.
Secunia has constructed the Online Software Inspector, which you can use to check if your local system is vulnerable. If you wish to scan your corporate network, then please refer to the Network Software Inspector.
Solution:
Update to version 9.24.
http://www.opera.com/download/
Bollettino di Sicurezza