CERT-In Advisory
CIAD-2008-0068
Multiple vulnerabilities in Opera
Original Issue Date: December 26, 2008
Severity Rating: High
Systems Affected
- Opera versions prior to 9.63
Overview
Multiple vulnerabilities have been reported in Opera, which could allow a remote attacker to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.
Description
1. HTML Parsing Code Execution Vulnerability (CVE-2008-5679)
An unspecified error within the parsing of certain HTML constructs can be exploited to cause an unexpected DOM change. This vulnerability can be exploited by a remote attacker to cause a crash and may allow the execution of arbitrary code when successfully combined with other techniques. An attacker who successfully exploits this vulnerability could gain the same user rights as the logged-on user.
2. Arbitrary Code Execution Vulnerability (CVE-2008-5680)
It may be possible to execute arbitrary code on the remote system by manipulating certain text-area contents. An attacker who exploits this vulnerability can execute code of their choice in the user's browser.
3. Malicious Script Code Execution Vulnerability (CVE-2008-5681)
Due to an unspecified error, Opera does not correctly block certain scripted URLs while previewing news feeds. As a result, malicious scripts can execute in the user's browser, which may subscribe the user to other arbitrary feeds and disclose the content of subscribed news feeds.
4. Cross-Site Scripting (XSS) Vulnerability (CVE-2008-5682)
This vulnerability is caused when certain escaped input processed by the built-in XSLT templates is not properly sanitised before being returned to the user's browser. It can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
5. Random Data Disclosure Vulnerability (CVE-2008-5683)
An unspecified vulnerability exists that allows remote attackers to "reveal random data" via unknown vectors.
6. 'file://' Heap-Based Buffer Overflow Vulnerability (CVE-2008-5178)
This vulnerability exists due to a boundary error when processing an overly long "file://" URI. A remote attacker can exploit this vulnerability to execute arbitrary code by tricking a user into locally opening a malicious HTML file, e.g. one received as an email attachment.
Thunderbird 2.x and SeaMonkey 1.x are not affected by this vulnerability.
Solution
Upgrade to Version 9.63 or later
http://www.opera.com/browser/download/
Vendor Information
Opera
http://www.opera.com/support/kb/view/920
http://www.opera.com/support/kb/view/921
http://www.opera.com/support/kb/view/922
http://www.opera.com/support/kb/view/923
http://www.opera.com/support/kb/view/924
References
Opera
http://www.opera.com/docs/changelogs/windows/963/
SecurityFocus
http://secunia.com/advisories/32752/
Secunia
http://secunia.com/advisories/32752/
CVE Name
CVE-2008-5178
CVE-2008-5679
CVE-2008-5680
CVE-2008-5681
CVE-2008-5682
CVE-2008-5683
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India