=====================================================================
                                   CERT-Renater

                        Information Note No. 2009/VULN474
_____________________________________________________________________

DATE                      : 23/11/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Opera versions prior to 10.10.

======================================================================
http://www.opera.com/support/kb/view/942/
http://www.opera.com/support/kb/view/941/
______________________________________________________________________

Advisory: Heap buffer overflow in string to number conversion


Description

Passing very long strings through the string to number conversion using
JavaScript in Opera may result in heap buffer overflows. This also affects
the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera
will just freeze or terminate, but in some cases this could lead to a crash
which could be used to execute code. To inject code, additional techniques
will have to be employed.


Severity

Extremely severe


Opera's Response

Opera Software has released Opera 10.10 where this issue has been fixed.

______________________________________________________________________


Advisory: Error messages can leak onto unrelated sites


Description

Scripting error messages are normally available only to the page that
caused the error. In some cases, the error messages could be passed to
other sites as the contents of unrelated variables, and may contain
sensitive information. If those sites write the content into the page markup,
this could allow cross-site scripting, using code provided by the attacking
site. This issue only affects installations that have enabled stacktraces
for exceptions; these are disabled by default.


Severity

Highly severe


Opera's Response

Opera Software has released Opera 10.10 where this issue has been fixed.

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================



