Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 71818 - net-www/opera: Java vulnerabilities
Summary: net-www/opera: Java vulnerabilities
Status: RESOLVED DUPLICATE of bug 74076
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [upstream] jaervosz
Depends on:
Reported: 2004-11-20 01:12 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-07-17 13:06 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-20 01:12:44 UTC
Full details on BugTraq.

Short summary:

Opera does not follow Sun's guidelines for secure Java programming. Internal access to sun-packages is granted.

XSLT processor covert channel attack with bundled JRE ( though it seems dead now, Google has a nice cache.)

Internal pointer DoS exploitation

Exposure of location of local java installation

Exposure of local user name to an untrusted applet
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-11-22 12:47:34 UTC
According to secunia's advisory[1], this issue is fixed in 7.60 beta versions of opera.

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-28 10:39:39 UTC
Still no release upstream. CC'ing maintainer.
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2004-12-12 12:48:26 UTC
this (partly?) seems to be adressed in bug #74076
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-12-21 06:28:50 UTC
Fixed with 7.54u1, will be addressed in bug 74076

*** This bug has been marked as a duplicate of 74076 ***