Opera browser multiple security vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Opera browser multiple security vulnerabilities
Published: 05.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8751
Type: client
Level: 6/10
Description: Information leakage on form file upload, images comments scrip execution , DOM sanitization filters bypass.

Affected: OPERA : Opera 9.25
CVE: CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.)
CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.)
CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input.)

Original document GENTOO, [ GLSA 200803-09 ] Opera: Multiple vulnerabilities (05.03.2008)

Discuss: Read or add your comments to this news (0 comments)