FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- multiple vulnerabilities

Affected packages
linux-opera < 9.63
opera < 9.63

Details

VuXML ID 225bc349-ce10-11dd-a721-0030843d3802
Discovery 2008-11-18
Entry 2008-12-19

The Opera Team reports:

Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code.

Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed.

Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it.

When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information.

Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the security context of that site.

References

CVE Name CVE-2008-5178
URL http://secunia.com/advisories/32752/
URL http://www.opera.com/support/kb/view/920/
URL http://www.opera.com/support/kb/view/921/
URL http://www.opera.com/support/kb/view/922/
URL http://www.opera.com/support/kb/view/923/
URL http://www.opera.com/support/kb/view/924/