Opera Web Browser Command Execution And XSS Vulnerabilities (Win) Network Vulnerability

Summary

The host is installed with Opera Web Browser and is prone to multiple vulnerabilities.

Impact

Successful remote attack could inject arbitrary HTML and script code, launch cross site scripting attacks on user's browser session when malicious data is being viewed. Impact Level: Application

Solution

Upgrade to Opera 9.62 http://www.opera.com/download/

Insight

Flaws are due to, - certain parameters passed to the History Search functionality are not properly sanitised before being used. - an error exists in the handling of Javascript URLs in the Links panel.

Affected

Opera version prior to 9.62 on Windows.

References

http://www.opera.com/support/search/view/906/
http://www.opera.com/support/search/view/907/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4794, CVE-2008-4795

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X

Opera Web Browser Command Execution and XSS Vulnerabilities (Win)

Take action and discover your vulnerabilities