Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386217

Summary: <www-client/opera-9.52: Multiple vulnerabilities (CVE-2010-{1989,1993,2121})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 01:09:20 UTC 
CVE-2010-1989 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989):
  Opera 9.52 executes a mail application in situations where an IMG element
  has a SRC attribute that is a redirect to a mailto: URL, which allows remote
  attackers to cause a denial of service (excessive application launches) via
  an HTML document with many images, a related issue to CVE-2010-0181.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 01:15:51 UTC 
CVE-2010-2121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121):
  Opera 9.52 allows remote attackers to cause a denial of service (resource
  consumption) via JavaScript code containing an infinite loop that creates
  IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 17:41:19 UTC 
This issue was resolved and addressed in
 GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml
by GLSA coordinator Sean Amoss (ackle).