FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

opera -- multiple vulnerabilities

Affected packages
linux-opera < 9.62
opera < 9.62

Details

VuXML ID 0e30e802-a9db-11dd-93a2-000bcdf0a03b
Discovery 2008-11-03
Entry 2008-11-03
Modified 2010-05-02

Opera reports:

When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them to execute arbitrary code.

The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

References

CVE Name CVE-2008-4794
URL http://www.opera.com/support/search/view/906/
URL http://www.opera.com/support/search/view/907/