Opera Web Browser Command Execution And XSS Vulnerabilities (Linux) Network Vulnerability

Summary

The host is installed with Opera Web Browser and is prone to multiple vulnerabilities.

Impact

Successful remote attack could inject arbitrary HTML and script code, launch cross site scripting attacks on user's browser session when malicious data is being viewed. Impact Level: Application

Solution

Upgrade to Opera 9.62 http://www.opera.com/download/

Insight

Flaws are due to, - certain parameters passed to the History Search functionality are not properly sanitised before being used. - an error exists in the handling of javascript URLs in the Links panel.

Affected

Opera version prior to 9.62 on Linux.

References

http://www.opera.com/support/search/view/906/
http://www.opera.com/support/search/view/907/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4794, CVE-2008-4795

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)
Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe Air Multiple Vulnerabilities - October 12 (Windows)

Opera Web Browser Command Execution and XSS Vulnerabilities (Linux)

Take action and discover your vulnerabilities