Opera Mail Client User Cache Directory file:// Arbitrary Script Execution

2005-09-20T05:27:00
ID OSVDB:19508
Type osvdb
Reporter Jakob Balle (jb@secunia.com)
Modified 2005-09-20T05:27:00

Description

Vulnerability Description

Opera contains a flaw that may allow attached files to be opened from the user's cache directory without warning. The issue is triggered when arbitrary JavaScript is executed in the context of "file://". If the user chooses to view an attachment, the flaw may allow a script insertion attack, resulting in a loss of confidentiality.

Technical Description

This flaw is used in conjunction with OSVDB 19509.

Solution Description

Upgrade to version 8.50 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1014943
Secunia Advisory ID: 16645
Secunia Advisory ID: 16968
Related OSVDB ID: 19509
Other Advisory URL: http://secunia.com/secunia_research/2005-42/advisory/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0527.html
CVE-2005-3006