FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0127

This CVE name corresponds to:

Entered Topic
2007-01-05 opera -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-0127
Phase Assigned(20070108)

Description

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

References

Source Reference
IDEFENSE 20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability
CONFIRM http://www.opera.com/support/search/supsearch.dml?index=851
GENTOO GLSA-200701-08
SUSE SUSE-SA:2007:009
VUPEN ADV-2007-0060
OSVDB 31575
SECTRACK 1017473
SECUNIA 23613
SECUNIA 23739
SECUNIA 23771