CERT-MU AD-2008-19

Multiple vulnerabilities in Opera

Original issue date: 20 October, 2008

Overview

Multiple vulnerabilities have been reported in Opera, which could allow a remote attacker to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

Description

Opera Web Browser is a browser that runs on multiple operating systems.

1. URI Redirection Remote Code Execution Vulnerability

This Vulnerability is caused when the browser is redirected to a specially crafted URI in the Opera web browser. A remote attacker could exploit this vulnerability by sending a specially crafted URI with an overly long username part of the form. Successfully exploiting this issue will allow remote attacker to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

2. Opera Cached Java Applet Security Bypass Vulnerability

This Vulnerability is caused due to an error in the caching of Java applets in Opera web browser. This could be exploited by remote attacker by loading the applet from the cache, causing it to run in the context of the local machine. Successful exploitation of this vulnerability could allow remote attacker to read sensitive information from other restricted cache files.

Affected systems  

• Opera versions prior to 9.60

Impact

Severity Rating: High

Solution

Upgrade to version 9.60
http://www.opera.com/download/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

Opera
http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/

CVE-Name

References

SecurityFocus
http://www.securityfocus.com/bid/31631/info

Juniper Networks
https://www.juniper.net/security/auto/vulnerabilities/vuln31631.html

Secunia
http://secunia.com/advisories/32177/