Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
Opera released version 9.25 of their browser to fix various security problems:
CVE-2007-6520: Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date.
CVE-2007-6521: Fixed an issue with TLS certificates that could be used to execute arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details will be disclosed at a later date.
CVE-2007-6522: Rich text editing can no longer be used to allow cross domain scripting, as reported by David Bloom. See our advisory.
CVE-2007-6523: Fixed a problem where malformed BMP files could cause Opera to temporarily freeze.
CVE-2007-6524: Prevented bitmaps from revealing random data from memory, as reported by Gynvael Coldwind. Details will be disclosed at a later date.
Affected
opera on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6523, CVE-2007-6524 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities