Two vulnerabilities have been discovered and reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and trick users into executing malicious files.
1) The vulnerability is caused due to an error in the handling of extended ASCII codes in the download dialog. This can be exploited to spoof the file extension in the file download dialog via a specially crafted "Content-Disposition" HTTP header.
Successful exploitation may result in users being tricked into executing a malicious file via the download dialog, but requires that the "Arial Unicode MS" font (ARIALUNI.TTF) has been installed on the system.
NOTE: The "Arial Unicode MS" font is installed with various Microsoft Office distributions.
The vulnerability has been confirmed in version 8.01. Other versions may also be affected.
2) An unspecified input validation error where newlines passed to the "setRequestHeader()" function is not properly sanitised, can be exploited to conduct cross-site scripting attacks and disclose user credentials.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Opera Download Dialog Spoofing and "setRequestHeader()" Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.