Opera Multiple Vulnerabilities

Posted on Wednesday, December 07, 2011 @ 17:10:48 UTC in Security
by Raven

SECUNIA ADVISORY ID: SA47077

VERIFY ADVISORY: http://secunia.com/advisories/47077/

RELEASE DATE: 2011-12-06

DESCRIPTION: Multiple vulnerabilities have been reported in Opera, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session. The vulnerabilities are reported in versions prior to 11.60.


1) An unspecified error exists. No further information is currently available.
2) An error when applying domain restrictions to handle cookies and scripting context within some top level domains can be exploited by other sites in that top level domain to access cookies or communicate with scripts.
3) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols. For more information: SA46168
4) An error when handling the JavaScript "in" operator while executing scripts can be exploited to bypass the cross-domain policy restriction and check for the existence of variables on other sites.

SOLUTION: Update to version 11.60.

PROVIDED AND/OR DISCOVERED BY:
1, 2) Reported by the vendor.
The vendor also credits:
3) Thai Duong and Juliano Rizzo, Netifera
4) David Bloom

ORIGINAL ADVISORY:
Opera:
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
 
 
click Related        click Share
 
 
Associated Topics

Internet


Software
 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 481,646,106
  • Today: 13,408
Server InfoServer Info
  • Mar 29, 2024
  • 10:21 am UTC