Friday, October 31, 2008

Opera Patches Two Vulnerabilities

Opera has released a patched version of its web browser. The update fixes two vulnerabilities.

The first vulnerability is related to the History Search functionality.
"When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them to execute arbitrary code."


There have already been public demonstrations of this vulnerability.

The second vulnerability is related to the links panel in Opera.
"The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting."


The above-mentioned vulnerabilities affect Opera versions prior to 9.62. Opera instructs users of those versions to update to the latest version found here.

More information on the vulnerabilities:
Advisory: History Search can be used to execute arbitrary code
Advisory: The links panel can allow cross-site scripting
