CERT-In Advisory CIAD-2008-52
Multiple vulnerabilities in Opera

Original issue date: October 20, 2008

Severity Rating: High

Systems Affected

• Opera versions prior to 9.60

Overview

Multiple vulnerabilities have been reported in Opera, which could allow a remote attacker to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

Opera Web Browser is a browser that runs on multiple operating systems.

1. URI Redirection Remote Code Execution Vulnerability

This Vulnerability is caused when the browser is redirected to a specially crafted URI in the Opera web browser. A remote attacker could exploit this vulnerability by sending a specially crafted URI with an overly long username part of the form. Successfully exploiting this issue will allow remote attacker to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

2. Opera Cached Java Applet Security Bypass Vulnerability

Solution

Upgrade to version 9.60
http://www.opera.com/download/

Vendor Information

Opera
http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/


References

SecurityFocus
http://www.securityfocus.com/bid/31631/info

Juniper Networks
https://www.juniper.net/security/auto/vulnerabilities/vuln31631.html

Secunia
http://secunia.com/advisories/32177/

CVE Name

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003