Bug 484958 (CVE-2013-4705)

Summary:	<www-client/opera-12.16_p1860-r1: XSS vulnerability (CVE-2013-4705)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED OBSOLETE
Severity:	minor	CC:	jer
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=482812
Whiteboard:	B4 [noglsa]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2013-09-15 02:47:37 UTC

CVE-2013-4705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4705):
  Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote
  attackers to inject arbitrary web script or HTML by leveraging UTF-8
  encoding.

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2013-09-17 16:11:53 UTC

It isn't obvious whether "before 15.00" includes the 12.00 branch which we support for Linux/FreeBSD, even though the advisory seems to suggest exactly that.

Comment 2 Yury German Gentoo Infrastructure

2013-10-03 03:27:30 UTC

Looks by the CVE Link that the 12.00 branch is affected. Last version mentioned in the CVE is 12.14.

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2013-10-03 13:04:00 UTC

(In reply to Yury German from comment #2)

The list mentions version 1.0. I think that's a generous interpretation of "before 15.00" and nothing to be taken seriously.

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2016-06-21 08:11:29 UTC

12.16 is not mentioned in the CVE at all, which is the current 12.x version in the tree.

GLSA Vote: No