| Summary: | <www-client/opera-11.60.1185 - Multiple vulnerabilities (CVE-2011-{4681,4682,4683}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.opera.com/docs/changelogs/unix/1160/ | | |
| Whiteboard: | B4? [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Jeroen Roovers (RETIRED)
2011-12-06 13:58:05 UTC
Arch teams, please test and mark stable: =www-client/opera-11.60.1185 Target KEYWORDS="amd64 x86"

There is more than one vulnerability, but Secunia, atm, shows only one CVE number. I will investigate. https://secunia.com/advisories/47077/

amd64 ok

x86 stable

amd64: pass

Stable for AMD64, thanks Elijah

@security, please confirm B4 and go to vote.

Thanks, folks. GLSA vote: yes, since the issue with undisclosed details is likely more severe.

CVE-2011-4683 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683): Unspecified vulnerability in Opera before 11.60 has unknown impact and attack vectors, related to a "moderately severe issue."

CVE-2011-4682 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682): The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites.

CVE-2011-4681 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681): Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.

Added to pending GLSA.

This issue was resolved and addressed in GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml by GLSA coordinator Sean Amoss (ackle).
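
The CVE-2011-4681 text above turns on the fact that the registrable part of a domain name sits at a different depth under different top-level domains. The following JavaScript is an added illustration, not code from Opera or from this bug report: it assumes a fixed two-label rule as the flawed comparison (the CVE text does not give Opera's actual logic), and `PUBLIC_SUFFIXES`, `naiveSite`, `suffixAwareSite`, `sameSite` and all host names are constructed for the example.

```javascript
"use strict";

// Constructed sample; a real check would load the full Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "no", "uk", "co.uk", "priv.no"]);

// Flawed rule (assumed for illustration): the last two labels are "the site",
// regardless of how many labels the suffix under this TLD really has.
function naiveSite(host) {
  const labels = host.toLowerCase().split(".");
  return labels.length < 2 ? null : labels.slice(-2).join(".");
}

// Suffix-aware rule: longest matching public suffix plus exactly one label.
function suffixAwareSite(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    // Candidates run from longest to shortest, so the first hit is the longest.
    const candidate = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(candidate)) {
      // i === 0: the host is itself a public suffix, so it has no site.
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // unknown suffix: fail closed
}

// Two hosts may share state only if both map to the same non-null site.
function sameSite(a, b, siteOf) {
  const site = siteOf(a);
  return site !== null && site === siteOf(b);
}

// Unrelated registrants under co.uk: the naive rule groups them together.
console.log(sameSite("shop.co.uk", "other.co.uk", naiveSite));       // true
console.log(sameSite("shop.co.uk", "other.co.uk", suffixAwareSite)); // false
// Hosts of one registrant are still grouped by the suffix-aware rule.
console.log(sameSite("www.example.co.uk", "mail.example.co.uk", suffixAwareSite)); // true
```
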