Bug 277716 (CVE-2009-2351) - <=www-client/opera-9.52 multiple vulnerabilities (CVE-2009-{2351,3269})
Summary: <=www-client/opera-9.52 multiple vulnerabilities (CVE-2009-{2351,3269})
Status: RESOLVED FIXED
Alias: CVE-2009-2351
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: B3 [noglsa]
Reported: 2009-07-13 21:30 UTC by Stefan Behte (RETIRED)
Modified: 2011-01-02 19:34 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-07-13 21:30:33 UTC
CVE-2009-2351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2351):
  Opera 9.52 and earlier does not block javascript: URIs in Refresh
  headers in HTTP responses, which allows remote attackers to conduct
  cross-site scripting (XSS) attacks via vectors related to (1)
  injecting a Refresh header or (2) specifying the content of a Refresh
  header, a related issue to CVE-2009-1312.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-07-13 21:32:36 UTC
jer, is this fixed in the newest in-tree version?

From http://downloads.securityfocus.com/vulnerabilities/exploits/mustlive-browser.txt:
With request to script at web site:
http://www.example.com/script.php?param=javascript:alert(document.cookie)
Which returns in answer the refresh header:
refresh: 0; URL=javascript:alert(document.cookie)
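
A server-side check for the Refresh header described in CVE-2009-2351 and in comment 1, as an added example that is not part of the original bug report or of Opera's fix. The function names and the http/https allowlist are assumptions made for illustration:

```python
import re

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web redirects are legitimate

# "<delay>", then optionally ";" or "," and "[url=]<target>"
_REFRESH_RE = re.compile(
    r"^\s*(\d+)(?:\.\d*)?\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_LEADING_JUNK = "".join(map(chr, range(0x21)))  # C0 controls and space


def parse_refresh(value):
    """Split a Refresh header value into (delay_seconds, target or None)."""
    m = _REFRESH_RE.match(value)
    if not m:
        raise ValueError("malformed Refresh value")
    target = (m.group(2) or "").strip()
    if len(target) >= 2 and target[0] == target[-1] and target[0] in "\"'":
        target = target[1:-1]  # drop surrounding quotes
    return int(m.group(1)), target or None


def url_scheme(target):
    """Lower-cased scheme after URL-parser cleanup; None for a relative URL."""
    cleaned = re.sub(r"[\t\r\n]", "", target).lstrip(_LEADING_JUNK)
    m = _SCHEME_RE.match(cleaned)
    return m.group(1).lower() if m else None


def refresh_is_safe(value):
    """True when the Refresh target is absent, relative, or uses an allowed scheme."""
    _, target = parse_refresh(value)
    scheme = url_scheme(target) if target else None
    return scheme is None or scheme in ALLOWED_SCHEMES


def build_refresh(delay, target):
    """Emit a Refresh value only for an allowed target; reject CR/LF in it."""
    value = f"{int(delay)}; URL={target}"
    if any(c in target for c in "\r\n") or not refresh_is_safe(value):
        raise ValueError("refusing unsafe Refresh target")
    return value


if __name__ == "__main__":
    # Header value quoted in comment 1 of this bug
    print(refresh_is_safe("0; URL=javascript:alert(document.cookie)"))
```

`build_refresh` belongs in the application that reflects a request parameter into the header, while `refresh_is_safe` can be run over recorded response headers to find endpoints that still emit such values.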
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:00:32 UTC
CVE-2009-3269 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3269):
  Opera 9.52 and earlier allows remote attackers to cause a denial of
  service (CPU consumption) via a series of automatic submissions of a
  form containing a KEYGEN element, a related issue to CVE-2009-1828.

Comment 3 Tim Sammut (RETIRED) gentoo-dev 2010-11-26 22:57:59 UTC
Vulnerable versions are no longer in the team.

GLSA Vote: No.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2011-01-02 19:11:29 UTC
Age -> GLSA Vote: No.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 19:34:27 UTC
Thanks, folks. Closing noglsa with two No votes.