LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Opera: multiple vulnerabilities

Package(s):opera CVE #(s):CVE-2008-5178 CVE-2008-5679 CVE-2008-5680 CVE-2008-5681 CVE-2008-5682 CVE-2008-5683
Created:March 17, 2009 Updated:March 18, 2009
Description: From the Gentoo advisory: Multiple vulnerabilities were discovered in Opera:

* Vitaly McLain reported a heap-based buffer overflow when processing host names in file:// URLs (CVE-2008-5178).

* Alexios Fakos reported a vulnerability in the HTML parsing engine when processing web pages that trigger an invalid pointer calculation and heap corruption (CVE-2008-5679).

* Red XIII reported that certain text-area contents can be manipulated to cause a buffer overflow (CVE-2008-5680).

* David Bloom discovered that unspecified "scripted URLs" are not blocked during the feed preview (CVE-2008-5681).

* Robert Swiecki of the Google Security Team reported a Cross-site scripting vulnerability (CVE-2008-5682).

* An unspecified vulnerability reveals random data (CVE-2008-5683).

* Tavis Ormandy of the Google Security Team reported a vulnerability when processing JPEG images that may corrupt memory (CVE pending).

Alerts:
Gentoo 200903-30 2009-03-16
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds