BID:52731

Opera Web Browser 11.62 prior Multiple Security Vulnerabilities

Info

Opera Web Browser 11.62 prior Multiple Security Vulnerabilities

Bugtraq ID:	52731
Class:	Unknown
CVE:	CVE-2012-1924 CVE-2012-1925 CVE-2012-1926 CVE-2012-1927 CVE-2012-1928 CVE-2012-1929 CVE-2012-1930 CVE-2012-1931
Remote:	Yes
Local:	No
Published:	Mar 27 2012 12:00AM
Updated:	May 11 2012 03:40PM
Credit:	Reported by the vendor and Jordi Chancel
Vulnerable:	SuSE openSUSE 12.1 SuSE openSUSE 11.4 Opera Software Opera Web Browser 11.61 Opera Software Opera Web Browser 11.60 Opera Software Opera Web Browser 11.52 Opera Software Opera Web Browser 11.51 Opera Software Opera Web Browser 11.50 Opera Software Opera Web Browser 11.11 Opera Software Opera Web Browser 11.10 Opera Software Opera Web Browser 11.01 Opera Software Opera Web Browser 11.00 Opera Software Opera Web Browser 10.63 Opera Software Opera Web Browser 10.62 Opera Software Opera Web Browser 10.61 Opera Software Opera Web Browser 10.60 Beta1 Opera Software Opera Web Browser 10.60 Opera Software Opera Web Browser 10.60 Opera Software Opera Web Browser 10.54 Opera Software Opera Web Browser 10.54 Opera Software Opera Web Browser 10.53 B Opera Software Opera Web Browser 10.53 Opera Software Opera Web Browser 10.52 Opera Software Opera Web Browser 10.51 Opera Software Opera Web Browser 10.50 Beta2 Opera Software Opera Web Browser 10.50 Beta1 Opera Software Opera Web Browser 10.50 Opera Software Opera Web Browser 10.10 Beta1 Opera Software Opera Web Browser 10.10 Opera Software Opera Web Browser 10.1 Opera Software Opera Web Browser 10.01 Opera Software Opera Web Browser 10.00 Beta3 Opera Software Opera Web Browser 10.00 Beta2 Opera Software Opera Web Browser 10.00 Beta1 Opera Software Opera Web Browser 10.00 Opera Software Opera Web Browser 10 Opera Software Opera 11.10

Not Vulnerable:	Opera Software Opera Web Browser 11.62

Discussion

Opera Web Browser 11.62 prior Multiple Security Vulnerabilities

Opera web browser is prone to a cross-domain scripting vulnerability, multiple remote code-execution vulnerabilities, and multiple address bar URI-spoofing vulnerabilities.

An attacker can exploit these issues to execute arbitrary code, display arbitrary content while showing the URI of a trusted website in the address bar in order to perform phishing attacks or to bypass same-origin protection to obtain potentially sensitive information. Other attacks are also possible.

Opera versions priror to 11.62 are vulnerable.

Exploit / POC

Opera Web Browser 11.62 prior Multiple Security Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Opera Web Browser 11.62 prior Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

References

Opera Web Browser 11.62 prior Multiple Security Vulnerabilities

References:

Advisory: Carefully timed reloads and redirects can spoof the address field (Opera Software)
Advisory: History.state can leak the state data from cross domain pages (Opera Software)
Advisory: Overlapping content can trick users into executing downloads (Opera Software)
Advisory: Small windows can be used to trick users into executing downloads (Opera Software)
Advisory: Web page dialogs can be used to to display the wrong address in the ad (Opera Software)
Opera 11.62 for Windows changelog (Opera Software)
Opera Homepage (Opera Software)