Ravens PHP Scripts

Opera Multiple Vulnerabilities
Date: Wednesday, December 07, 2011 @ 16:10:48 PST
Topic: Security


SECUNIA ADVISORY ID: SA47077

VERIFY ADVISORY: http://secunia.com/advisories/47077/

RELEASE DATE: 2011-12-06

DESCRIPTION: Multiple vulnerabilities have been reported in Opera, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session. The vulnerabilities are reported in versions prior to 11.60.




1) An unspecified error exists. No further information is currently available.
2) An error when applying domain restrictions to handle cookies and scripting context within some top level domains can be exploited by other sites in that top level domain to access cookies or communicate with scripts.
3) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols. For more information: SA46168
4) An error when handling the JavaScript "in" operator while executing scripts can be exploited to bypass the cross-domain policy restriction and check for the existence of variables on other sites.

SOLUTION: Update to version 11.60.

PROVIDED AND/OR DISCOVERED BY:
1, 2) Reported by the vendor.
The vendor also credits:
3) Thai Duong and Juliano Rizzo, Netifera
4) David Bloom

ORIGINAL ADVISORY:
Opera:
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3988