HOME > ADVISORIES


   ADVISORY

CERT-In Advisory CIAD-2008-42
Multiple vulnerabilities in Opera

Original issue date: August 25, 2008

Severity Rating: High

Systems Affected

  • Opera versions prior to 9.52

Overview

Multiple vulnerabilities have been reported in Opera, exploitation of which could allow a remote attacker to execute arbitrary code or access sensitive data or show a non secure page as a secure page or change the feed subscription address.

Description

1. Startup crash can allow execution of arbitrary code

When Opera is registered as a handler for a given protocol, it can be started by external applications. An unspecified error exists in Opera which causes it to crash when started in this way. The issue can also help attackers to inject malicious code using other techniques.

NOTE: Reportedly, the vulnerability only affects Opera for Windows.

2. Sites can change framed content on other sites

Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This can be exploited by an attacker to trick users by misrepresenting information or loading malicious content in frames from trusted websites.

3. Custom shortcuts can pass the wrong parameters to     applications

Opera can be customized to run external applications (viewing graphics, playing video and audio files) through custom shortcut and menu commands. This could allow a remote attacker to execute arbitrary code on the system, caused by an error when handling custom shortcut and menu commands. By persuading a victim to modify shortcuts or menu files, a remote attacker could exploit this vulnerability to activate applications with malicious parameters and execute arbitrary code on the vulnerable system.

4. Insecure pages can display incorrect security information

The vulnerability exists because of the error in the processing of custom shortcut and menu commands. A remote user can exploit this vulnerability by creating a non-secure web page that loads content from a secure site into a frame. Opera will incorrectly indicate that the non-secure web page is a secure web page. Successful exploitation may allow execution of arbitrary code, but requires that a user is tricked into modifying shortcuts or menu files.

5. Feed links can link to local files

Opera doesn't allow web pages to link to files on the user's local disk. A vulnerability exists in Opera that allows Web pages to link to feed source files on the user's computer. Suitable detection of JavaScript events and appropriate manipulation can unreliably allow a script to detect the difference between successful and unsuccessful subscriptions to these files, to find out the existence of a file. In most cases the attempt will fail.

6. Feed subscription can cause the wrong page address to be     displayed

An error exists in Opera when processing news feed subscription requests. A remote attacker can cause the page address to be changed, leaving the attacking page's address in the address bar.

Solution

Upgrade to version 9.52
http://www.opera.com/download/


Vendor Information

Opera
http://www.opera.com/docs/changelogs/windows/952/
http://www.opera.com/docs/changelogs/linux/952/
http://www.opera.com/support/search/view/892/ http://www.opera.com/support/search/view/893/ http://www.opera.com/support/search/view/894/ http://www.opera.com/support/search/view/895/ http://www.opera.com/support/search/view/896/
http://www.opera.com/support/search/view/897/

References

 FrSIRT
http://www.frsirt.com/english/advisories/2008/2416

Juniper Networks
http://www.juniper.net/security/auto/vulnerabilities/vuln30768.html

Secunia
http://secunia.com/advisories/31549/

SecurityTracker
http://securitytracker.com/alerts/2008/Aug/1020718.html http://securitytracker.com/alerts/2008/Aug/1020719.html http://securitytracker.com/alerts/2008/Aug/1020720.html http://securitytracker.com/alerts/2008/Aug/1020721.html http://securitytracker.com/alerts/2008/Aug/1020722.html
http://securitytracker.com/alerts/2008/Aug/1020723.html

IBM ISS
http://xforce.iss.net/xforce/xfdb/44547
http://xforce.iss.net/xforce/xfdb/44552

CVE Name

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003