CERT-In Advisory
CIAD-2010-0066
Opera Multiple Cross Domain Scripting and Spoofing Vulnerabilities
Original Issue Date: October 22, 2010
Severity Rating: Medium
Systems Affected
Overview
Multiple vulnerabilities have been reported in Opera, which could allow attackers to gain knowledge of certain information, manipulate data or execute arbitrary code.
Description
CSS files Cross domain Scripting Vulnerability
A combination of cross-domain content inclusion being allowed and the manner in which the CSS parser is fault-tolerant when processing content can be exploited to bypass cross-domain checks and obtain sensitive information from a web page in another domain.
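The defence against this class of issue is to refuse to treat a cross-origin response as a stylesheet unless the server explicitly labelled it as CSS. The following is an added example (not Opera's code and not from this advisory) that models that decision; the host names are hypothetical.

```javascript
// Added example, not Opera's code: a minimal model of the check a browser
// should make before handing a cross-origin response to its CSS parser.
// A fault-tolerant CSS parser will happily extract "rules" from an HTML or
// JSON page, so a cross-origin resource is only parsed as CSS when the
// response carries a text/css Content-Type. Same-origin sheets are applied
// unconditionally because the page already has access to that content.

function originOf(urlString) {
  const u = new URL(urlString);
  return `${u.protocol}//${u.host}`; // scheme + host + port
}

function isCssContentType(contentType) {
  if (!contentType) return false;
  // Drop parameters such as "; charset=utf-8", compare case-insensitively.
  return contentType.split(';')[0].trim().toLowerCase() === 'text/css';
}

// documentUrl: the page that includes the stylesheet
// sheetUrl:    the URL the stylesheet was fetched from
// contentType: the response's Content-Type header (may be undefined)
function shouldApplyStylesheet(documentUrl, sheetUrl, contentType) {
  const sameOrigin = originOf(documentUrl) === originOf(sheetUrl);
  if (sameOrigin) {
    return true;
  }
  // Cross-origin: require an explicit CSS label from the serving site.
  return isCssContentType(contentType);
}

// Constructed sample cases with hypothetical hosts.
const sampleCases = [
  ['https://app.example/page', 'https://app.example/style.css', 'text/css'],
  ['https://app.example/page', 'https://cdn.example/style.css', 'text/css; charset=utf-8'],
  ['https://app.example/page', 'https://mail.example/inbox', 'text/html'],
  ['https://app.example/page', 'https://mail.example/inbox', undefined],
];

for (const [doc, sheet, type] of sampleCases) {
  console.log(sheet, type, '->', shouldApplyStylesheet(doc, sheet, type) ? 'apply' : 'ignore');
}
```

The third and fourth cases are the ones that matter: a page from another site served as text/html, or with no type at all, is never parsed as a stylesheet, so its contents cannot be recovered through the parser's error recovery.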
Address Spoofing Vulnerability
This vulnerability is caused by an error when manipulating the window, which could cause the wrong part of the Web page address to be displayed in the Address Bar and allows attackers to spoof the page address.
Cross-Site Scripting Vulnerability
This issue is caused by an error in the handling of reloads and redirects which, combined with caching, may result in scripts executing in the wrong security context. This can be exploited to spoof the address bar or conduct cross-site scripting (XSS) attacks.
Successful exploitation of this vulnerability allows manipulating Opera's configuration with minimal user interaction to execute arbitrary code.
HTML5 Canvas Content Vulnerability
This vulnerability is caused by the browser not checking a video's origin correctly, which may result in videos from unrelated sites being used as HTML5 canvas content without protecting it from scripts. This can be exploited to intercept private video streams.
Successful exploitation of this vulnerability requires that the address is known and that a user is tricked into opening a specially crafted web page.
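The protection that was missing here is the canvas "origin-clean" flag: once a frame from another origin is drawn onto a canvas, the page's scripts must lose the ability to read pixels back. The following is an added example (not Opera's code and not from this advisory) that models that flag; the URLs are hypothetical.

```javascript
// Added example, not Opera's code: a model of the canvas origin-clean flag.
// Drawing a video frame from another origin, without the video's server
// opting in through CORS, clears the flag; after that, read-back operations
// (getImageData/toDataURL in a real browser) are refused.

function originOf(urlString) {
  const u = new URL(urlString);
  return `${u.protocol}//${u.host}`; // scheme + host + port
}

class ModelCanvas {
  constructor(documentUrl) {
    this.documentOrigin = originOf(documentUrl);
    this.originClean = true; // nothing foreign drawn yet
  }

  // Stands in for ctx.drawImage(videoElement, ...).
  // crossOriginApproved represents a successful CORS check (the video was
  // requested with crossorigin and served with a matching
  // Access-Control-Allow-Origin); without it, foreign pixels taint the canvas.
  drawVideoFrame(videoUrl, crossOriginApproved = false) {
    const foreign = originOf(videoUrl) !== this.documentOrigin;
    if (foreign && !crossOriginApproved) {
      this.originClean = false;
    }
  }

  // Stands in for getImageData()/toDataURL(): refuse once tainted.
  readBack() {
    if (!this.originClean) {
      throw new Error('SecurityError: canvas is tainted by cross-origin content');
    }
    return 'pixels';
  }
}

// Convenience wrapper: can page script read pixels after drawing this video?
function canScriptReadPixels(documentUrl, videoUrl, crossOriginApproved = false) {
  const canvas = new ModelCanvas(documentUrl);
  canvas.drawVideoFrame(videoUrl, crossOriginApproved);
  try {
    canvas.readBack();
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample run with hypothetical hosts.
console.log('own video      :', canScriptReadPixels('https://app.example/', 'https://app.example/clip.webm'));
console.log('foreign, no CORS:', canScriptReadPixels('https://app.example/', 'https://video.example/private.webm'));
console.log('foreign, CORS ok:', canScriptReadPixels('https://app.example/', 'https://video.example/public.webm', true));
```

The second case is the one the advisory describes: a page can still display a stream from another site, but a correct browser must stop its scripts from extracting the frames unless that other site explicitly allowed it.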
Invalid URL XSS Vulnerability
This vulnerability is caused by an issue when displaying error pages along with a link to the invalid URL, which could allow cross domain scripting attacks by convincing a user to interact with a specially crafted error page.
Solution
Upgrade to Opera version 10.63:
http://www.opera.com/browser/
Vendor Information
Opera
http://www.opera.com/docs/changelogs/windows/1063/
http://www.opera.com/docs/changelogs/mac/1063/
http://www.opera.com/docs/changelogs/unix/1063/
References
Opera
http://www.opera.com/docs/changelogs/windows/1063/
http://www.opera.com/docs/changelogs/mac/1063/
http://www.opera.com/docs/changelogs/unix/1063/
http://www.opera.com/support/kb/view/971/
http://www.opera.com/support/kb/view/972/
http://www.opera.com/support/kb/view/973/
http://www.opera.com/support/kb/view/974/
http://www.opera.com/support/kb/view/976/
Secunia
http://secunia.com/advisories/41740
Tenable Network Security
http://www.nessus.org/plugins/index.php?view=single&id=49964
VUPEN
http://www.vupen.com/english/advisories/2010/2614
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road
New Delhi - 110 003
India