=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN230
_____________________________________________________________________

DATE                      : 18/06/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Opera versions prior to 9.5.

======================================================================
http://www.opera.com/support/search/view/883/
http://www.opera.com/support/search/view/885/
______________________________________________________________________
Advisory: Images can be read cross-domain with canvas

Severity: Less Severe

Problem Description

HTML CANVAS elements can use images as patterns, and that image data is
made available to scripts. When the images are retrieved from other Web
sites, the image data should no longer be available to scripts. A flaw
exists in the way that Opera checks for the source of these images.
Suitable manipulation can cause Opera to reveal the image data to
scripts.
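
The rule described above, as a simplified JavaScript model added here
(it is not Opera's code and not part of the original advisory). It shows
that the pattern path needs the same source check as direct drawing, and
that the restriction must follow image data copied from canvas to canvas.
The class names, the helper and the example origins are assumptions made
for illustration.

```javascript
// Simplified model of the canvas "origin-clean" rule. Constructed for
// illustration; origins are plain strings and pixel data is a placeholder.
class SecurityError extends Error {}
class ModelImage { constructor(origin) { this.origin = origin; } }
class ModelPattern { constructor(originClean) { this.originClean = originClean; } }

class ModelCanvas {
  constructor(documentOrigin) {
    this.documentOrigin = documentOrigin;
    this.originClean = true;  // starts clean and can only ever become false
    this.fillStyle = '#000';
  }
  // True when pixels from `source` may be exposed to this document's scripts.
  isClean(source) {
    if (source instanceof ModelCanvas) return source.originClean;
    return source.origin === this.documentOrigin;
  }
  // A pattern records, at creation time, whether its source was clean.
  createPattern(source) { return new ModelPattern(this.isClean(source)); }
  // Direct drawing: a non-clean source taints the destination canvas.
  drawImage(source) {
    if (!this.isClean(source)) this.originClean = false;
  }
  // Pattern path: painting with a non-clean pattern taints the canvas too.
  fillRect() {
    if (this.fillStyle instanceof ModelPattern && !this.fillStyle.originClean) {
      this.originClean = false;
    }
  }
  // Read-back is refused once the canvas is no longer origin-clean.
  getImageData() {
    if (!this.originClean) throw new SecurityError('canvas is not origin-clean');
    return 'pixels';
  }
}

// Hypothetical helper: can a script on `docOrigin` read the canvas back
// after painting it with a pattern made from `source`?
function readableAfterPattern(docOrigin, source) {
  const canvas = new ModelCanvas(docOrigin);
  canvas.fillStyle = canvas.createPattern(source);
  canvas.fillRect();
  try { canvas.getImageData(); return true; }
  catch (e) { if (e instanceof SecurityError) return false; throw e; }
}
```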


Opera's Response

Opera Software has released Opera 9.5, where this issue has been fixed.


Credits

Thanks to Philip Taylor for reporting this issue to Opera Software.
_______________________________________________________________________

Advisory: Pages held in frames are able to change the location of pages
in unrelated frames on the parent page


Severity: Less Severe


Problem Description:

Pages from different sources held on the same parent page should not be
able to modify each other's locations. In affected Opera versions, if a
page contains frames from both a trusted but not secured source and an
untrusted source, the untrusted page is able to replace the contents of
a named trusted frame, causing it to display misleading information.

Note that since the untrusted frame could also display misleading
information as its own contents, authors of sites containing sensitive
information should not place frames from untrusted sources on their
pages without offering the user some means to identify the content as
untrusted.


Opera's Response:

Opera Software has released Opera 9.5, where this issue has been fixed.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================




