Multiple Vulnerabilities in Opera
Original Issue Date: November 10, 2009
Severity Rating: High
- Opera versions prior to 10.01
Multiple vulnerabilities have been reported in Opera, which could be exploited by remote attacker to bypass certain security restrictions, disclose sensitive information, execute an arbitrary code and conduct spoofing attacks or compromise a user's system.
1. Domain names arbitrary code execution Vulnerability
This vulnerability is caused due to improper handling of domain names in Opera. A remote attacker could exploit this vulnerability by tricking a user to visit a specially crafted Web page to trigger memory corruption error. Successful exploitation of this vulnerability could allow a remote attacker to execute an arbitrary code.
2. Web fonts Spoofing Vulnerability
This vulnerability is caused due to improper handling of Web fonts intended for use as page content in Opera. A remote attacker could exploit this vulnerability by tricking a user to visit a specially crafted Web page to spoof the domain name. Successful exploitation of this vulnerability could allow a remote attacker to spoof the address field.
Upgrade to Opera 10.01 or later
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003