=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN242
_____________________________________________________________________

DATE                      : 01/07/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Opera versions prior to 10.60.

======================================================================
http://www.opera.com/support/kb/view/957/
http://www.opera.com/support/kb/view/958/
______________________________________________________________________

Advisory: Double-clicking a link can unexpectedly run a program from the Internet


Severity
Moderately severe


Description

When a user clicks a link to an executable file on a Web page, Opera will
show a download dialog to allow the user to download it. The dialog also
allows the user to choose to run the executable directly. If the user
accidentally double-clicks, the second click will activate whatever is now
under the mouse. A carefully constructed page could cause the second click
to activate the buttons on the dialog, allowing the executable to run.

Previous versions of Opera had a delay before the button would respond to
counteract this possibility. A recent interface change caused this protection
not to function correctly.
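
The activation delay described above, as an added example (not Opera's code,
which the advisory does not show): the "Run" button ignores clicks until the
dialog has been on screen for a minimum time. The function names, event names,
the 500 ms delay and the re-arm-on-focus rule are assumptions for illustration.

```javascript
// Added example: activation delay for a security-sensitive dialog button.
// createActivationGuard, replayClicks and the event names are hypothetical.
function createActivationGuard(delayMs) {
  let armedAt = null; // time the dialog last became visible or focused

  return {
    // Call when the dialog is shown or regains focus: either can put the
    // button under a pointer that was aimed at something else.
    rearm(now) { armedAt = now; },
    // A click counts only after the dialog has been up for delayMs.
    allows(now) { return armedAt !== null && now - armedAt >= delayMs; },
    close() { armedAt = null; },
  };
}

// Replays an event trace and reports the fate of each click that landed
// on the dialog's "Run" button.
function replayClicks(events, delayMs) {
  const guard = createActivationGuard(delayMs);
  const outcomes = [];
  for (const ev of events) {
    if (ev.type === "dialog-shown" || ev.type === "dialog-focus") {
      guard.rearm(ev.t);
    } else if (ev.type === "dialog-closed") {
      guard.close();
    } else if (ev.type === "click-run") {
      outcomes.push({ t: ev.t, accepted: guard.allows(ev.t) });
    }
  }
  return outcomes;
}

// Constructed trace (times in ms): the user double-clicks a link; the first
// click opens the download dialog, the second lands on its "Run" button.
const trace = [
  { type: "click-link", t: 0 },
  { type: "dialog-shown", t: 40 },
  { type: "click-run", t: 180 },    // second half of the double-click
  { type: "dialog-focus", t: 900 }, // dialog regains focus, timer restarts
  { type: "click-run", t: 1100 },   // still inside the delay window
  { type: "click-run", t: 1500 },   // deliberate click
];

console.log(replayClicks(trace, 500));
```

With the delay set to 0 the same trace accepts the click at 180 ms, which is
the unintended activation the advisory describes.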


Affected versions

This issue affects Opera for Windows and Mac.


Opera's response

Opera Software has released Opera 10.60, where this issue has been fixed.

________________________________________________________________________

Advisory: Users can be tricked into uploading unexpected files


Severity
Less severe


Description

Plug-ins may be used to seed the system clipboard with paths to a target file,
when the user does not expect the clipboard to contain them. If the user can
be convinced to focus a file input and paste the contents of the clipboard,
the file can then be uploaded immediately, without requiring the user's
confirmation.


Opera's response

Opera Software has released Opera 10.60, where file inputs no longer allow
the user to paste file paths without interaction. To paste or type file paths,
users must now use the "Choose" button, and type or paste into the file chooser
provided by the operating system.


Credits

Thanks to Andrew Valums for reporting this issue to Opera Software.


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================



