Multiple vulnerabilities were identified in Opera, which could be exploited by attackers to bypass certain security restrictions or conduct spoofing and cross site scripting attacks.
The first issue is due to an error in the Opera Mail client where attached files are opened without any warnings directly from the user's cache directory, which could be exploited to execute arbitrary JavaScript in context of "file://".
The second vulnerability is due to an error in the Opera Mail client that does not properly validate filename extensions, which could be exploited by attackers to conduct extensions spoofings by appending the "." character to the end of a filename.
The third flaw is due to an unspecified drag-and-drop error allowing unintentional file uploads.
The fourth problem is due to an unspecified error in the handling of must-revalidate cache directive for HTTPS pages.
The fifth issue is due to an unspecified error when handling cookie comment encoding.
Credits
Vulnerabilities reported by Jakob Balle and Michael Krax
ChangeLog
2005-09-20 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
