FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- multiple vulnerabilities

Affected packages
linux-opera < 9.22
opera < 9.22
opera-devel < 9.22

Details

VuXML ID 12d266b6-363f-11dc-b6c9-000c6ec775d9
Discovery 2007-07-19
Entry 2007-07-19
Modified 2010-05-12

Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability:

Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user's memory, which may contain data.

Removing a specially crafted torrent from the download manager can crash Opera. The crash is caused by an erroneous memory access.

An attacker needs to entice the user to accept the malicious BitTorrent download, and later remove it from Opera's download manager. To inject code, additional means will have to be employed.

Users clicking a BitTorrent link and rejecting the download are not affected.

data: URLs embed data inside them, instead of linking to an external resource. Opera can mistakenly display the end of a data URL instead of the beginning. This allows an attacker to spoof the URL of a trusted site.

Opera's HTTP authentication dialog is displayed when the user enters a Web page that requires a login name and a password. To inform the user which server it was that asked for login credentials, the dialog displays the server name.

The user has to see the entire server name. A truncated name can be misleading. Opera's authentication dialog cuts off the long server names at the right hand side, adding an ellipsis (...) to indicate that it has been cut off.

The dialog has a predictable size, allowing an attacker to create a server name which will look almost like a trusted site, because the real domain name has been cut off. The three dots at the end will not be obvious to all users.

This flaw can be exploited by phishers who can set up custom sub-domains, for example by hosting their own public DNS.

References

CVE Name CVE-2007-3929
CVE Name CVE-2007-4944
URL http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564
URL http://www.opera.com/docs/changelogs/freebsd/922/
URL http://www.opera.com/support/search/view/861/
URL http://www.opera.com/support/search/view/862/
URL http://www.opera.com/support/search/view/863/
URL http://www.opera.com/support/search/view/864/