484958 – (CVE-2013-4705) <www-client/opera-12.16_p1860-r1: XSS vulnerability (CVE-2013-4705)

Bug 484958 (CVE-2013-4705) - <www-client/opera-12.16_p1860-r1: XSS vulnerability (CVE-2013-4705)

Summary: <www-client/opera-12.16_p1860-r1: XSS vulnerability (CVE-2013-4705)

Status:	RESOLVED OBSOLETE

Alias:	CVE-2013-4705

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2013-09-15 02:47 UTC by GLSAMaker/CVETool Bot
Modified:	2016-06-21 08:11 UTC (History)
CC List:	1 user (show)

See Also:	482812
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2013-09-15 02:47:37 UTC

CVE-2013-4705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4705):
  Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote
  attackers to inject arbitrary web script or HTML by leveraging UTF-8
  encoding.

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2013-09-17 16:11:53 UTC

It isn't obvious whether "before 15.00" includes the 12.00 branch which we support for Linux/FreeBSD, even though the advisory seems to suggest exactly that.

Comment 2 Yury German Gentoo Infrastructure

2013-10-03 03:27:30 UTC

Looks by the CVE Link that the 12.00 branch is affected. Last version mentioned in the CVE is 12.14.

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2013-10-03 13:04:00 UTC

(In reply to Yury German from comment #2)

The list mentions version 1.0. I think that's a generous interpretation of "before 15.00" and nothing to be taken seriously.

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2016-06-21 08:11:29 UTC

12.16 is not mentioned in the CVE at all, which is the current 12.x version in the tree.

GLSA Vote: No