Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Opera, three vulnerabilities

October 2008 by Vigil@nce

SYNTHESIS

Three vulnerabilities have been announced in Opera.

Gravity: 2/4

Consequences: client access/rights, data reading

Provenance: internet server

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 3

Creation date: 21/10/2008

Revision date: 24/10/2008

IMPACTED PRODUCTS

- Novell Linux Desktop
- Novell Open Enterprise Server
- OpenSUSE
- Opera
- SuSE Linux
- SUSE LINUX Enterprise Server

DESCRIPTION

Three vulnerabilities have been announced in Opera.

An attacker can obtain the browsing history of the victim and create a Cross Site Scripting. [grav:1/4; BID-31869, CVE-2008-4696, CVE-2008-4725]

An attacker can use the Fast Forward feature in order to create a Cross Site Scripting. [grav:2/4; CVE-2008-4697]

During the news feed preview, an attacker can obtain the content of subscribed news feeds. [grav:2/4; CVE-2008-4698]

CHARACTERISTICS

Identifiers: BID-31842, BID-31869, CVE-2008-4696, CVE-2008-4697, CVE-2008-4698, CVE-2008-4725, SUSE-SR:2008:022, VIGILANCE-VUL-8189

http://vigilance.aql.fr/vulnerability/8189




See previous articles

    

See next articles