Vigil@nce: Opera, two vulnerabilities
December 2009 by Vigil@nce
An attacker can obtain information or generate a Cross Site
Scripting.
Severity: 2/4
Consequences: user access/rights, data reading
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 02/12/2009
IMPACTED PRODUCTS
– Opera
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in Opera.
Opera enables exception tracing. When activated, script error
messages are stored in variables. However, any script from any
site can access those variables. An attacker can therefore obtain
information or generate a Cross Site Scripting. [grav:2/4;
BID-37089, CVE-2009-4071]
A vulnerability exists in Opera. Technical details are unknown.
[grav:2/4; BID-37089, CVE-2009-4072]
CHARACTERISTICS
Identifiers: BID-37089, CVE-2009-4071, CVE-2009-4072,
VIGILANCE-VUL-9234
http://vigilance.fr/vulnerability/Opera-two-vulnerabilities-9234