n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2008.010 16-Dec-2008
_______________________________________________________________________
Vendor: Opera Software ASA, http://www.opera.com
Affected Products: Opera Browser all platforms
Vulnerability: HTML parsing flaw lead to remote code execution
Risk: HIGH
_______________________________________________________________________
from OUSPG found a heap corruption in gfxImageSurface which allows for
invalid frees and possible remote code execution. This happens due
to float error, resulting from graphics values being passed through
different number systems (CVE-2012-0470).
Anne van Kesteren of Opera Software found a multi-octet encoding
issue where certain octets will destroy the following octets in the
processing of some multibyte character sets. This can leave users
vulnerable to cross-site scripting (XSS) attacks on maliciously
crafted web pages (CVE-2012-0471).
* Collin Jackson and Adam Barth reported that JAR signing is not
properly implemented, allowing injection of JavaScript into documents
within a JAR archive (CVE-2008-2801).
* Opera Software reported an error allowing for arbitrary local file
upload (CVE-2008-2805).
* Daniel Glazman reported that an invalid .properties file for an
add-on might lead to the usage of uninitialized memory
(CVE-2008-2807).
Original URL:
http://securityreason.com/achievement_securityalert/73
- --- 0.Description ---
Opera is a Web browser and Internet suite developed by the Opera Software company. The browser handles common Internet-related tasks such as displaying Web sites, sending and receiving e-mail messages, managing contacts, IRC online chatting, downloading files via BitTorrent, and reading Web feeds. Opera is offered free of charge for personal computers and mobile phones.
- --- 1. Opera 10.01 Remote Array Overrun (Arbitrary code execution) ---
The main problem exist in dtoa implementation. Opera has a very similar dtoa algorithm to the BSD, Chrome and Mozilla products. It is the same issue like SREASONRES:20090625.
from OUSPG found a heap corruption in gfxImageSurface which allows for
invalid frees and possible remote code execution. This happens due
to float error, resulting from graphics values being passed through
different number systems (CVE-2012-0470).
Anne van Kesteren of Opera Software found a multi-octet encoding
issue where certain octets will destroy the following octets in the
processing of some multibyte character sets. This can leave users
vulnerable to cross-site scripting (XSS) attacks on maliciously
crafted web pages (CVE-2012-0471).
