Security * Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date. * Fixed an issue with TLS certificates that could be used to execute arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details will be disclosed at a later date. * Rich text editing can no longer be used to allow cross domain scripting, as reported by David Bloom. See our advisory. * Prevented bitmaps from revealing random data from memory, as reported by Gynvael Coldwind. Details will be disclosed at a later date. Reproducible: Always
Thanks for reporting this to us, ollonois. Jeroen, please advise.
www-client/opera-9.25 is in CVS.
Arches, please test and mark stable www-client/opera-9.25. Target keywords : "amd64 ppc sparc x86"
x86 stable
Stable for sparc. Appears to work fine.
ppc stable
amd64 stable
All arches done, GLSA request filed.
CVE ids were assigned as follows: CVE-2007-6520: Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. CVE-2007-6521 Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. CVE-2007-6522 The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. CVE-2007-6524 Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file.
GLSA 200712-22