A vulnerability was discovered in Opera 12.11

Posted: December 5, 2012 in Vulnerabilities, Vulnerability News

A write access violation (Write AV) vulnerability was found yesterday in the Opera 12.11 browser. It is triggered when a GIF file is opened and crashes the browser.

Because of incorrect exception handling in Opera, opening a specially crafted GIF file causes heap corruption.

Theoretically, this browser vulnerability can be used to create malicious exploits, so until it is fixed, using this browser may not be safe.

It should be noted that this is not the first recent security problem in Opera. In early October 2012 a vulnerability was discovered in Opera 12 that allows images and specific headers to be used to redirect visitors to another site.

If an attacker could place a tag like this in the code of the opened page:

<img src="http://evil.com/evil.png">
(where evil.com is a server controlled by the attacker)
and return the following header when http://evil.com/evil.png is requested:
Refresh: 0; url=data:application/internet-shortcut,[INTERNETSHORTCUT]%0D%0AURL=http://evil.com/

then Opera 12 automatically jumps to that address.
Opera representatives said they did not consider this a vulnerability, and blamed the owners of websites that “do not control input from untrusted users.” Despite this, the browser developers decided to accommodate webmasters and fixed the issue in Opera 12.10.
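For site owners who embed user-supplied image URLs, the check below is an added example (not code from the original post or from Opera) of how a fetching proxy or log review could flag image responses that carry a Refresh header like the one above. The function names, severity labels and sample headers are assumptions made for illustration.

```python
import re

# Refresh value as browsers accept it: "<seconds>[;|,] [url=]<target>"
REFRESH_RE = re.compile(r"^\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)
SCHEME_RE = re.compile(r"\s*([a-z][a-z0-9+.\-]*):", re.I)

# Constructed sample: headers of an image response, using the header from the post.
SAMPLE_HEADERS = [
    ("Content-Type", "image/png"),
    ("Refresh", "0; url=data:application/internet-shortcut,"
                "[INTERNETSHORTCUT]%0D%0AURL=http://evil.com/"),
]

def parse_refresh(value):
    """Return (delay_seconds, target or None), or None if the value is malformed."""
    m = REFRESH_RE.match(value)
    if not m:
        return None
    target = (m.group(2) or "").strip().strip("'\"")
    return int(m.group(1)), target or None

def target_scheme(target):
    """Lower-cased URL scheme of the redirect target, '' for a relative URL."""
    m = SCHEME_RE.match(target)
    return m.group(1).lower() if m else ""

def check_image_response(headers):
    """Classify Refresh headers found on one image response.

    headers is a list of (name, value) pairs; returns (severity, message) tuples.
    """
    findings = []
    for name, value in headers:
        if name.strip().lower() != "refresh":
            continue
        parsed = parse_refresh(value)
        if parsed is None or parsed[1] is None:
            findings.append(("low", "Refresh header without a usable target"))
        elif target_scheme(parsed[1]) == "data":
            # The case from the post: an image answers with Refresh to a data: URI.
            findings.append(("high", "Refresh to data: URI sent with an image response"))
        else:
            findings.append(("medium", "Refresh redirect sent with an image response"))
    return findings

if __name__ == "__main__":
    for severity, message in check_image_response(SAMPLE_HEADERS):
        print(severity, message)
```

An image response has no legitimate reason to carry a Refresh header, so any finding is worth reviewing; the data: target is rated highest because it is the exact pattern described here.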

Links:

http://seclists.org/fulldisclosure/2012/Dec/54
