Skip to content

J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1312
    posted: 11/18/08
  • NSM Daily Update #1312
    posted: 11/18/08
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1312
    posted: 11/18/08
  • Deep Inspection 5.1, 5.2, 5.3r4 and below #1300
    posted: 11/18/08
  • Deep Inspection 5.0 #1132
    posted: 04/01/08
  • Antivirus
    posted: 11/17/08

Title: Opera Web Browser 9.51 Multiple Security Vulnerabilities

Severity: MODERATE

Description:

Opera Web Browser is a browser that runs on multiple operating systems.

Opera is prone to the following security issues:

1. An unspecified issue can arise when Opera is registered as a protocol handler. Attackers can exploit this issue to cause denial-of-service conditions. The issue can also help attackers inject malicious code using other techniques. Note that this vulnerability affects Opera for Microsoft Windows.

2. A security vulnerability allows a site to change addresses of frames on other sites inside windows that the site opened. Attackers can exploit this issue to replace the contents of a trusted frame. This may allow attackers to trick users by misrepresenting information or loading malicious content in frames from trusted sites. This can also aid in phishing and other attacks. This issue is tracked by CVE-2008-4195.

3. A weakness can be used to execute applications with potentially dangerous parameters created from uninitialized memory. The issue occurs when custom shortcut and menu commands are used to activate external applications. Exploiting this issue would require a considerable amount of user assistance. The issue could also help attackers to execute arbitrary code in connection with other vulnerabilities. This issue is tracked by CVE-2008-4197.

4. By adding frames that display secure content, attackers can leverage a weakness that tricks the browser into reporting an insecure site as secure. Reportedly, when the issue is exploited, the padlock icon will show incorrect information and the security information dialog will show that the connection is secure, but any certificate details will not be displayed. This issue is tracked by CVE-2008-4198.

5. A security vulnerability occurs because the browser allows sites to link to feed source files on the user's computer. The issue may be used to enumerate files on the user's computer. This issue is tracked by CVE-2008-4199.

6. A security weakness allows the page address for a news feed to be changed when using the feed subscription button. Attackers could exploit this issue to mislead a user and change the address field to point to a malicious site. This issue is tracked by CVE-2008-4200.

Versions prior to Opera 9.52 are vulnerable.

NOTE: The cross-site scripting issue originally included in this BID has been moved to BID 31183 (Opera Web Browser Unicode Whitespace Cross-Site Scripting Weakness).

Affected Products:

  • Gentoo Linux
  • Opera Software Opera Web Browser 5.0.0 2 win32
  • Opera Software Opera Web Browser 5.0.0 Linux
  • Opera Software Opera Web Browser 5.0.0 Mac
  • Opera Software Opera Web Browser 5.1.0 0 win32
  • Opera Software Opera Web Browser 5.1.0 1 win32
  • Opera Software Opera Web Browser 5.12.0
  • Opera Software Opera Web Browser 5.12.0 win32
  • Opera Software Opera Web Browser 6.0.0
  • Opera Software Opera Web Browser 6.0.0 .6win32
  • Opera Software Opera Web Browser 6.0.0 6
  • Opera Software Opera Web Browser 6.0.0 Win32
  • Opera Software Opera Web Browser 6.0.1
  • Opera Software Opera Web Browser 6.0.1 linux
  • Opera Software Opera Web Browser 6.0.1 win32
  • Opera Software Opera Web Browser 6.0.2 linux
  • Opera Software Opera Web Browser 6.0.2 win32
  • Opera Software Opera Web Browser 6.0.3 linux
  • Opera Software Opera Web Browser 6.0.3 win32
  • Opera Software Opera Web Browser 6.0.4 win32
  • Opera Software Opera Web Browser 6.0.5 win32
  • Opera Software Opera Web Browser 6.10.0 linux
  • Opera Software Opera Web Browser 7.0.0 1win32
  • Opera Software Opera Web Browser 7.0.0 2win32
  • Opera Software Opera Web Browser 7.0.0 3win32
  • Opera Software Opera Web Browser 7.0.0 win32
  • Opera Software Opera Web Browser 7.0.0 win32 Beta 1
  • Opera Software Opera Web Browser 7.0.0 win32 Beta 2
  • Opera Software Opera Web Browser 7.10.0
  • Opera Software Opera Web Browser 7.11.0
  • Opera Software Opera Web Browser 7.11.0 b
  • Opera Software Opera Web Browser 7.11.0 j
  • Opera Software Opera Web Browser 7.20.0
  • Opera Software Opera Web Browser 7.20.0 Beta 1 build 2981
  • Opera Software Opera Web Browser 7.21.0
  • Opera Software Opera Web Browser 7.22.0
  • Opera Software Opera Web Browser 7.23.0
  • Opera Software Opera Web Browser 7.50.0
  • Opera Software Opera Web Browser 7.51.0
  • Opera Software Opera Web Browser 7.52.0
  • Opera Software Opera Web Browser 7.53.0
  • Opera Software Opera Web Browser 7.54.0
  • Opera Software Opera Web Browser 8 Beta 3
  • Opera Software Opera Web Browser 8.0.0
  • Opera Software Opera Web Browser 8.0.0 1
  • Opera Software Opera Web Browser 8.0.0 2
  • Opera Software Opera Web Browser 8.0.2
  • Opera Software Opera Web Browser 8.50.0
  • Opera Software Opera Web Browser 8.51.0
  • Opera Software Opera Web Browser 8.52
  • Opera Software Opera Web Browser 8.53
  • Opera Software Opera Web Browser 8.54
  • Opera Software Opera Web Browser 9
  • Opera Software Opera Web Browser 9.01
  • Opera Software Opera Web Browser 9.02
  • Opera Software Opera Web Browser 9.10
  • Opera Software Opera Web Browser 9.20
  • Opera Software Opera Web Browser 9.20 beta1
  • Opera Software Opera Web Browser 9.21
  • Opera Software Opera Web Browser 9.22
  • Opera Software Opera Web Browser 9.23
  • Opera Software Opera Web Browser 9.24
  • Opera Software Opera Web Browser 9.25
  • Opera Software Opera Web Browser 9.26
  • Opera Software Opera Web Browser 9.27
  • Opera Software Opera Web Browser 9.5
  • Opera Software Opera Web Browser 9.50 beta
  • Opera Software Opera Web Browser 9.51

References: