Vigil@nce: Opera, three vulnerabilities
October 2008 by Vigil@nce
SYNTHESIS
Three vulnerabilities have been announced in Opera.
Gravity: 2/4
Consequences: client access/rights, data reading
Provenance: internet server
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 21/10/2008
Revision date: 24/10/2008
IMPACTED PRODUCTS
– Novell Linux Desktop
– Novell Open Enterprise Server
– OpenSUSE
– Opera
– SuSE Linux
– SUSE LINUX Enterprise Server
DESCRIPTION
Three vulnerabilities have been announced in Opera.
An attacker can obtain the browsing history of the victim and
create a Cross Site Scripting. [grav:1/4; BID-31869,
CVE-2008-4696, CVE-2008-4725]
An attacker can use the Fast Forward feature in order to create a
Cross Site Scripting. [grav:2/4; CVE-2008-4697]
During the news feed preview, an attacker can obtain the content
of subscribed news feeds. [grav:2/4; CVE-2008-4698]
CHARACTERISTICS
Identifiers: BID-31842, BID-31869, CVE-2008-4696, CVE-2008-4697,
CVE-2008-4698, CVE-2008-4725, SUSE-SR:2008:022, VIGILANCE-VUL-8189