LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

opera: multiple vulnerabilities

Package(s):opera CVE #(s):CVE-2010-2576 CVE-2010-3019 CVE-2010-3020 CVE-2010-3021
Created:August 26, 2010 Updated:September 1, 2010
Description:

From the SUSE advisory:

- CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94): unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia

- CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc

- CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos

- CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image

Alerts:
SUSE SUSE-SR:2010:016 2010-08-26
Gentoo 201206-03 2012-06-15
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds