FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- multiple vulnerabilities

Affected packages
linux-opera < 9.24
opera < 9.24
opera-devel < 9.24

Details

VuXML ID 44224e08-8306-11dc-9283-0016179b2dd5
Discovery 2007-10-17
Entry 2007-10-25

An advisory from Opera reports:

If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code.

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site.

References

CVE Name CVE-2007-5540
CVE Name CVE-2007-5541
URL http://secunia.com/advisories/27277/
URL http://www.opera.com/support/search/view/866/
URL http://www.opera.com/support/search/view/867/