=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN058
_____________________________________________________________________

DATE                      : 20/02/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Opera versions prior to 9.26.

======================================================================
http://www.opera.com/support/search/view/877/
http://www.opera.com/support/search/view/879/
http://www.opera.com/support/search/view/880/
______________________________________________________________________

Advisory: Simulated text inputs can trick users into uploading arbitrary
files

Severity
Moderately Severe


Problem Description
When a user types into a file input, scripts can cause some of the
keystrokes to be ignored. If the script can convince the user that they
are typing into a normal text input, and not let them see that their
keystrokes are being ignored, it can cause the input to point to known
file paths on the user's computer. The file can then be uploaded without
user interaction.


Opera's Response
Opera Software has released Opera 9.26, where this issue has been fixed.


Credits
Thanks to Mozilla for reporting this issue to Opera Software.
_________________________________________________________________________

Advisory: Image properties can be used to execute scripts

Severity
Highly Severe


Problem Description
Image properties can contain custom comments. When displaying the image
properties, Opera can be tricked into treating the comments as script.
This can cause the script to be run in the wrong security context.


Opera's Response
Opera Software has released Opera 9.26, where this issue has been fixed.


Credits
Thanks to Max Leonov for reporting this issue to Opera Software.
________________________________________________________________________

Advisory: Representation of DOM attribute values could allow cross-site
scripting

Severity
Moderately Severe


Problem Description
When XML is imported into a document, its attribute values are not
correctly presented to the DOM. This can allow their values to bypass
sanitization filters. If these values are used as document content, they
may in some cases allow scripts to be inserted.


Opera's Response
Opera Software has released Opera 9.26, where this issue has been fixed.


Credits
Thanks to Arnaud for reporting this issue to Opera Software.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




