202770 – (CVE-2007-6520) www-client/opera < 9.25 Multiple vulnerabilities (CVE-2007-{6520,6521,6522,6524})

Bug 202770 (CVE-2007-6520) - www-client/opera < 9.25 Multiple vulnerabilities (CVE-2007-{6520,6521,6522,6524})

Summary: www-client/opera < 9.25 Multiple vulnerabilities (CVE-2007-{6520,6521,6522,65...

Status:	RESOLVED FIXED

Alias:	CVE-2007-6520

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.opera.com/docs/changelogs/...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2007-12-19 11:38 UTC by ollonois
Modified:	2007-12-30 17:23 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ollonois 2007-12-19 11:38:10 UTC

Security

    * Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date.
    * Fixed an issue with TLS certificates that could be used to execute arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details will be disclosed at a later date.
    * Rich text editing can no longer be used to allow cross domain scripting, as reported by David Bloom. See our advisory.
    * Prevented bitmaps from revealing random data from memory, as reported by Gynvael Coldwind. Details will be disclosed at a later date.

Reproducible: Always

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2007-12-19 12:51:33 UTC

Thanks for reporting this to us, ollonois.

Jeroen, please advise.

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2007-12-19 14:51:11 UTC

www-client/opera-9.25 is in CVS.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2007-12-19 22:21:53 UTC

Arches, please test and mark stable www-client/opera-9.25.
Target keywords : "amd64 ppc sparc x86"

Comment 4 Christian Faulhammer (RETIRED) gentoo-dev

2007-12-20 07:24:04 UTC

x86 stable

Comment 5 Ferris McCormick (RETIRED) gentoo-dev

2007-12-20 13:38:51 UTC

Stable for sparc.  Appears to work fine.

Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev

2007-12-21 12:58:12 UTC

ppc stable

Comment 7 Peter Weller (RETIRED) gentoo-dev

2007-12-22 12:42:08 UTC

amd64 stable

Comment 8 Tobias Heinlein (RETIRED) gentoo-dev

2007-12-22 12:47:15 UTC

All arches done, GLSA request filed.

Comment 9 Robert Buchholz (RETIRED) gentoo-dev

2007-12-24 23:51:35 UTC

CVE ids were assigned as follows:

CVE-2007-6520:
  Opera before 9.25 allows remote attackers to conduct cross-domain
  scripting attacks via unknown vectors related to plug-ins.

CVE-2007-6521
  Unspecified vulnerability in Opera before 9.25 allows remote attackers
  to execute arbitrary code via crafted TLS certificates.

CVE-2007-6522
  The rich text editing functionality in Opera before 9.25 allows remote
  attackers to conduct cross-domain scripting attacks by using
  designMode to modify contents of pages in other domains.

CVE-2007-6524
  Opera before 9.25 allows remote attackers to obtain potentially
  sensitive memory contents via a crafted bitmap (BMP) file.

Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-12-30 17:23:29 UTC

GLSA 200712-22