Opera Web Browser Multiple Remote Vulnerabilities

Bugtraq ID:	12550
Class:	Unknown
CVE:	CVE-2005-0456
Remote:	Yes
Local:	No
Published:	Feb 14 2005 12:00AM
Updated:	Mar 02 2007 08:15PM
Credit:	Discovery of the 'data:' URI issue is credited to Michael Holzt. Discovery of the Opera LiveConnect issue is credited to Jouko Pynnönen.
Vulnerable:	S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Opera Software Opera Web Browser 7.54 Opera Software Opera Web Browser 7.53 Opera Software Opera Web Browser 7.52 Opera Software Opera Web Browser 7.51 Opera Software Opera Web Browser 7.50 Opera Software Opera Web Browser 7.23 Opera Software Opera Web Browser 7.22 Opera Software Opera Web Browser 7.21 Opera Software Opera Web Browser 7.20 Beta 1 build 2981 Opera Software Opera Web Browser 7.20 Opera Software Opera Web Browser 7.11 j Opera Software Opera Web Browser 7.11 b Opera Software Opera Web Browser 7.11 Opera Software Opera Web Browser 7.10 Opera Software Opera Web Browser 7.0 win32 Beta 2 Opera Software Opera Web Browser 7.0 win32 Beta 1 Opera Software Opera Web Browser 7.0 win32 Opera Software Opera Web Browser 7.0 3win32 Opera Software Opera Web Browser 7.0 2win32 Opera Software Opera Web Browser 7.0 1win32 Opera Software Opera Web Browser 6.10 linux Opera Software Opera Web Browser 6.0.5 win32 Opera Software Opera Web Browser 6.0.4 win32 Opera Software Opera Web Browser 6.0.3 win32 Opera Software Opera Web Browser 6.0.3 linux Opera Software Opera Web Browser 6.0.2 win32 Opera Software Opera Web Browser 6.0.2 linux Opera Software Opera Web Browser 6.0.1 win32 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home - Microsoft Windows XP Home - Microsoft Windows XP Professional - Microsoft Windows XP Professional Opera Software Opera Web Browser 6.0.1 linux Opera Software Opera Web Browser 6.0.1 Opera Software Opera Web Browser 6.0 win32 Gentoo Linux
Not Vulnerable:

Opera Web Browser Multiple Remote Vulnerabilities

Opera Web Browser is reported prone to multiple remotely exploitable vulnerabilities:

- A vulnerability presents itself when the browser handles 'data' URIs. A remote malicious website may exploit this condition to execute arbitrary code in the context of a user that is running a vulnerable version of the affected browser.

- An unspecified security vulnerability resides in the Opera Java LiveConnect class.

Although few details are known regarding this vulnerability, the issue may presumably be exploited by a remote malicious site to access dangerous private Java methods. This is not confirmed.

This BID will be updated when more information is available.

Opera Web Browser Multiple Remote Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Opera Web Browser Multiple Remote Vulnerabilities

Solution:
The vendor has released fixes to address these and other issues.


Opera Software Opera Web Browser 6.0 win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.1 win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.1 linux

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.1

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.2 linux

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.2 win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.3 win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.3 linux

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.4 win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.0.5 win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 6.10 linux

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 3win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 win32 Beta 2

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 1win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 win32 Beta 1

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 2win32

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.10

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.11 j

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.11 b

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.11

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.20 Beta 1 build 2981

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.20

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.21

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.22

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.23

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.50

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.51

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.52

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.53

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.54

• Opera Software Opera 7.54u2
  http://www.opera.com/download/

Opera Web Browser Multiple Remote Vulnerabilities

References:

• Changelog for Opera 7.54u1 for Linux (Opera Software)
  
• Changelog for Opera 7.54u2 for Linux (Opera Software)
  
• Vulnerability Note VU#882926 - Opera may insecurely execute binary data encoded (CERT/CC)