Vigil@nce: Opera, four vulnerabilities
December 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to display a malicious site with
Opera, in order to create a Cross Site Scripting.
– Severity: 2/4
– Creation date: 06/12/2011
IMPACTED PRODUCTS
– OpenSUSE
– Opera
DESCRIPTION OF THE VULNERABILITY
Four vulnerabilities were announced in Opera.
An unknown vulnerability impacts Opera. [severity:2/4; BID-50916,
CVE-2011-4683]
In some cases, an attacker can write or read a cookie for a Top
Level Domain. [severity:2/4; BID-50914, CVE-2011-4681]
Some certificates are not correctly revoked. [severity:2/4;
CVE-2011-4684]
An attacker can use the JavaScript "in" operator, in order to
access to data of another site. [severity:2/4; BID-50915,
CVE-2011-4682]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Opera-four-vulnerabilities-11196