68 lines
2.3 KiB
XML
68 lines
2.3 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="200407-15">
|
|
<title>Opera: Multiple spoofing vulnerabilities</title>
|
|
<synopsis>
|
|
Opera contains three vulnerabilities, allowing an attacker to impersonate
|
|
legitimate websites with URI obfuscation or to spoof websites with frame
|
|
injection.
|
|
</synopsis>
|
|
<product type="ebuild">opera</product>
|
|
<announced>2004-07-20</announced>
|
|
<revised count="01">2004-07-20</revised>
|
|
<bug>56311</bug>
|
|
<bug>56109</bug>
|
|
<access>remote</access>
|
|
<affected>
|
|
<package name="www-client/opera" auto="yes" arch="*">
|
|
<unaffected range="ge">7.53</unaffected>
|
|
<vulnerable range="le">7.52</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
Opera is a multi-platform web browser.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
Opera fails to remove illegal characters from an URI of a link and to check
|
|
that the target frame of a link belongs to the same website as the link.
|
|
Opera also updates the address bar before loading a page. Additionally,
|
|
Opera contains a certificate verification problem.
|
|
</p>
|
|
</description>
|
|
<impact type="normal">
|
|
<p>
|
|
These vulnerabilities could allow an attacker to impersonate legitimate
|
|
websites to steal sensitive information from users. This could be done by
|
|
obfuscating the real URI of a link or by injecting a malicious frame into
|
|
an arbitrary frame of another browser window.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
There is no known workaround at this time. All users are encouraged to
|
|
upgrade to the latest available version.
|
|
</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
All Opera users should upgrade to the latest stable version:
|
|
</p>
|
|
<code>
|
|
# emerge sync
|
|
|
|
# emerge -pv ">=www-client/opera-7.53"
|
|
# emerge ">=www-client/opera-7.53"</code>
|
|
</resolution>
|
|
<references>
|
|
<uri link="http://www.securityfocus.com/bid/10517">Bugtraq Announcement</uri>
|
|
<uri link="https://secunia.com/advisories/11978/">Secunia Advisory SA11978</uri>
|
|
<uri link="https://secunia.com/advisories/12028/">Secunia Advisory SA12028</uri>
|
|
<uri link="https://www.opera.com/linux/changelogs/753/">Opera Changelog</uri>
|
|
</references>
|
|
<metadata tag="submitter">
|
|
jaervosz
|
|
</metadata>
|
|
</glsa>
|