ID

VAR-201208-0205

CVE

CVE-2012-4145

TITLE

Opera Vulnerability in

DESCRIPTION

Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue.". Opera Contains vulnerabilities that are unspecified.It may be affected unspecified. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. It supports multi-window browsing and a customizable user interface. Unidentified vulnerabilities exist in Opera versions prior to 12.01 on Windows and UNIX systems, Opera versions prior to 11.66 on Mac OS X-based systems, and Opera versions prior to 12.01. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: September 25, 2012 Bugs: #429478, #434584 ID: 201209-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code. Please review the CVE identifiers and Opera Release Notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web page using Opera, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to trick a user into downloading and executing files, conduct Cross-Site Scripting (XSS) attacks, spoof the address bar, or have other unspecified impact. Resolution ========== All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532" References ========== [ 1 ] CVE-2012-4010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4010 [ 2 ] CVE-2012-4142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142 [ 3 ] CVE-2012-4143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143 [ 4 ] CVE-2012-4144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144 [ 5 ] CVE-2012-4145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145 [ 6 ] CVE-2012-4146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146 [ 7 ] Opera 12.01 for UNIX changelog http://www.opera.com/docs/changelogs/unix/1201/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201209-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

Unknown

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Reported by the vendor.

SOURCES

LAST UPDATE DATE

2024-11-23T21:55:56.576000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE