|
|
>> Opera Browser Security Update Fixes Multiple Vulnerabilities
|
Title : Opera Browser Security Update Fixes Multiple Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-1789
CVE ID : CVE-2005-3041 - CVE-2005-3059
CWE ID : CWE-
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-20
|
Multiple vulnerabilities were identified in Opera, which could be exploited by attackers to bypass certain security restrictions or conduct spoofing and cross site scripting attacks.
The first issue is due to an error in the Opera Mail client where attached files are opened without any warnings directly from the user's cache directory, which could be exploited to execute arbitrary JavaScript in context of "file://".
The second vulnerability is due to an error in the Opera Mail client that does not properly validate filename extensions, which could be exploited by attackers to conduct extensions spoofings by appending the "." character to the end of a filename.
The third flaw is due to an unspecified drag-and-drop error allowing unintentional file uploads.
The fourth problem is due to an unspecified error in the handling of must-revalidate cache directive for HTTPS pages.
The fifth issue is due to an unspecified error when handling cookie comment encoding.
Affected Products
Opera version 8.02 and prior
Solution
Upgrade to Opera version 8.50 :
http://www.opera.com/download/
References
http://www.vupen.com/english/advisories/2005/1789
http://www.opera.com/docs/changelogs/windows/850
http://www.opera.com/docs/changelogs/linux/850
http://secunia.com/secunia_research/2005-42/
Credits
Vulnerabilities reported by Jakob Balle and Michael Krax
ChangeLog
2005-09-20 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
