ID

VAR-201006-1178

CVE

CVE-2010-2665

TITLE

Opera In URI Processing cross-site scripting vulnerability \

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site.". Opera Web Browser is prone to multiple security vulnerabilities. The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available. Versions prior to Opera 10.54 are vulnerable. It supports multi-window browsing and a customizable user interface. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: June 15, 2012 Bugs: #264831, #283391, #290862, #293902, #294208, #294680, #308069, #324189, #325199, #326413, #332449, #348874, #352750, #367837, #373289, #381275, #386217, #387137, #393395, #409857, #415379, #421075 ID: 201206-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Opera, the worst of which allow for the execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/opera < 12.00.1467 >= 12.00.1467 Description =========== Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround ========== There is no known workaround at this time. Resolution ========== All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467" References ========== [ 1 ] CVE-2009-1234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234 [ 2 ] CVE-2009-2059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059 [ 3 ] CVE-2009-2063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063 [ 4 ] CVE-2009-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067 [ 5 ] CVE-2009-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070 [ 6 ] CVE-2009-3013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013 [ 7 ] CVE-2009-3044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044 [ 8 ] CVE-2009-3045 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045 [ 9 ] CVE-2009-3046 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046 [ 10 ] CVE-2009-3047 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047 [ 11 ] CVE-2009-3048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048 [ 12 ] CVE-2009-3049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049 [ 13 ] CVE-2009-3831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831 [ 14 ] CVE-2009-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071 [ 15 ] CVE-2009-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072 [ 16 ] CVE-2010-0653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653 [ 17 ] CVE-2010-1349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349 [ 18 ] CVE-2010-1989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989 [ 19 ] CVE-2010-1993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993 [ 20 ] CVE-2010-2121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121 [ 21 ] CVE-2010-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421 [ 22 ] CVE-2010-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455 [ 23 ] CVE-2010-2576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576 [ 24 ] CVE-2010-2658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658 [ 25 ] CVE-2010-2659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659 [ 26 ] CVE-2010-2660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660 [ 27 ] CVE-2010-2661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661 [ 28 ] CVE-2010-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662 [ 29 ] CVE-2010-2663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663 [ 30 ] CVE-2010-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664 [ 31 ] CVE-2010-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665 [ 32 ] CVE-2010-3019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019 [ 33 ] CVE-2010-3020 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020 [ 34 ] CVE-2010-3021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021 [ 35 ] CVE-2010-4579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579 [ 36 ] CVE-2010-4580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580 [ 37 ] CVE-2010-4581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581 [ 38 ] CVE-2010-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582 [ 39 ] CVE-2010-4583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583 [ 40 ] CVE-2010-4584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584 [ 41 ] CVE-2010-4585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585 [ 42 ] CVE-2010-4586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586 [ 43 ] CVE-2011-0681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681 [ 44 ] CVE-2011-0682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682 [ 45 ] CVE-2011-0683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683 [ 46 ] CVE-2011-0684 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684 [ 47 ] CVE-2011-0685 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685 [ 48 ] CVE-2011-0686 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686 [ 49 ] CVE-2011-0687 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687 [ 50 ] CVE-2011-1337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337 [ 51 ] CVE-2011-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824 [ 52 ] CVE-2011-2609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609 [ 53 ] CVE-2011-2610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610 [ 54 ] CVE-2011-2611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611 [ 55 ] CVE-2011-2612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612 [ 56 ] CVE-2011-2613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613 [ 57 ] CVE-2011-2614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614 [ 58 ] CVE-2011-2615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615 [ 59 ] CVE-2011-2616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616 [ 60 ] CVE-2011-2617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617 [ 61 ] CVE-2011-2618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618 [ 62 ] CVE-2011-2619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619 [ 63 ] CVE-2011-2620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620 [ 64 ] CVE-2011-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621 [ 65 ] CVE-2011-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622 [ 66 ] CVE-2011-2623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623 [ 67 ] CVE-2011-2624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624 [ 68 ] CVE-2011-2625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625 [ 69 ] CVE-2011-2626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626 [ 70 ] CVE-2011-2627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627 [ 71 ] CVE-2011-2628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628 [ 72 ] CVE-2011-2629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629 [ 73 ] CVE-2011-2630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630 [ 74 ] CVE-2011-2631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631 [ 75 ] CVE-2011-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632 [ 76 ] CVE-2011-2633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633 [ 77 ] CVE-2011-2634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634 [ 78 ] CVE-2011-2635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635 [ 79 ] CVE-2011-2636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636 [ 80 ] CVE-2011-2637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637 [ 81 ] CVE-2011-2638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638 [ 82 ] CVE-2011-2639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639 [ 83 ] CVE-2011-2640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640 [ 84 ] CVE-2011-2641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641 [ 85 ] CVE-2011-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388 [ 86 ] CVE-2011-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065 [ 87 ] CVE-2011-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681 [ 88 ] CVE-2011-4682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682 [ 89 ] CVE-2011-4683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683 [ 90 ] CVE-2012-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924 [ 91 ] CVE-2012-1925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925 [ 92 ] CVE-2012-1926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926 [ 93 ] CVE-2012-1927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927 [ 94 ] CVE-2012-1928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928 [ 95 ] CVE-2012-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930 [ 96 ] CVE-2012-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931 [ 97 ] CVE-2012-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555 [ 98 ] CVE-2012-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556 [ 99 ] CVE-2012-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557 [ 100 ] CVE-2012-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558 [ 101 ] CVE-2012-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560 [ 102 ] CVE-2012-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Opera Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA40250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40250 RELEASE DATE: 2010-06-24 DISCUSS ADVISORY: http://secunia.com/advisories/40250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities with an unknown impact have been reported in Opera. 1) A vulnerability is caused due to an unspecified error. 2) Another vulnerability is caused due to an unspecified error. 3) Another vulnerability is caused due to an unspecified error. 4) Another vulnerability is caused due to an unspecified error. SOLUTION: Update to version 10.54. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.opera.com/docs/changelogs/windows/1054/ http://www.opera.com/support/kb/view/954/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

XSS

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Opera

SOURCES

LAST UPDATE DATE

2024-11-23T20:51:24.609000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE