=====================================================================
CERT-Renater
Information Note No. 2008/VULN603
_____________________________________________________________________

DATE                 : 18/12/2008
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Opera versions prior to 9.63.

======================================================================
http://www.opera.com/support/kb/view/921/
http://www.opera.com/support/kb/view/924/
http://www.opera.com/support/kb/view/920/
http://www.opera.com/support/kb/view/923/
______________________________________________________________________

Advisory: HTML parsing flaw can cause Opera to execute arbitrary code

Severity
  Extremely Severe

Problem Description
  Certain HTML constructs can cause the resulting DOM to change
  unexpectedly, which triggers a crash. To inject code, additional
  techniques will have to be employed.

Opera's Response
  Opera Software has released Opera 9.63, where this issue has been
  fixed.

Credits
  Thanks to Alexios Fakos for reporting this issue to Opera Software.

___________________________________________________________________________

Advisory: Built-in XSLT templates can allow cross-site scripting

Severity
  Highly Severe

Problem Description
  Built-in XSLT templates incorrectly handle escaped content and can
  cause it to be treated as markup. If a site accepts content from
  untrusted users, which it then displays using XSLT as escaped
  strings, this can allow scripted markup to be injected. The scripts
  will then be executed in the security context of that site.

Opera's Response
  Opera Software has released Opera 9.63, where this issue has been
  fixed.

Credits
  Thanks to Robert Swiecki of the Google Security Team for reporting
  this issue to Opera Software.
________________________________________________________________________

Advisory: Manipulating text input contents can allow execution of
arbitrary code

Severity
  Extremely Severe

Problem Description
  Manipulating certain text-area contents can cause a buffer overflow,
  which may be exploited to execute arbitrary code.

Opera's Response
  Opera Software has released Opera 9.63, where this issue has been
  fixed.

Credits
  Thanks to Red XIII for reporting this issue to Opera Software.

________________________________________________________________________

Advisory: Script injection in feed preview can reveal contents of
unrelated news feeds

Severity
  Highly Severe

Problem Description
  When Opera is previewing a news feed, some scripted URLs are not
  correctly blocked. These can execute scripts which are able to
  subscribe the user to any feed URL that the attacker chooses, and
  can also view the contents of any feeds that the user is subscribed
  to. These may contain sensitive information.

Opera's Response
  Opera Software has released Opera 9.63, where this issue has been
  fixed.

Credits
  Thanks to David Bloom for reporting this issue to Opera Software.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================