Anti-DNS Pinning and Java Applets with Opera and Firefox

Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...

Important: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2...

Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal

!/usr/bin/python http://www.offensive-security.com Bug discovered by Krystian Kloskowski h07 Tested on: Apple QuickTime Player 7.3 / 7.2 IE7,FF /Opera, XP SP2, Vista This exploit is completely "Universal" .... It has also been modded to work via url redirection ... Magic RETs work on...

Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera)

Exploit for unknown platform in category remote exploits ====================================================================== Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit IE7/FF/Opera ====================================================================== !/usr/bin/python...

Apple QuickTime 7.27.3 (Internet Explorer 7 Firefox Opera) - RTSP Response Universal

Apple QuickTime 7.27.3 Internet Explorer 7 Firefox Opera - RTSP Response Universal !/usr/bin/python http://www.offensive-security.com Bug discovered by Krystian Kloskowski h07 Tested on: Apple QuickTime Player 7.3 / 7.2 IE7,FF /Opera, XP SP2, Vista This exploit is completely "Universal" .... It h...

多个Web浏览器SSL证书SubjectAltName验证漏洞

多个WEB浏览器在处理SSL证书验证方面存在缺陷。问题是由于不正确处理针对X.509证书的subjectAltName扩展。 成功利用此漏洞当非法证书使用在SSL HTTP连接时，可绕过安全警告进行钓鱼攻击。 下面的WEB浏览器受此漏洞影响： - Mozilla Firefox, 和Gecko渲染引擎的WEB浏览器。 Opera - Konqueror, 和基于KHTML渲染引擎的浏览器如Apple's Safari. Opera Software Opera Web Browser 9.24 Opera Software Opera Web Browser 9.23 Mozilla...

Mac OSX平台下Opera浏览器的Adobe Flash Player存在未明漏洞

Adobe Flash Player是一款FLASH播放器。 Mac OSX平台下Opera浏览器的Adobe Flash Player存在未明安全问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.28.0 Adobe Flash Player 8.0.34.0 Adobe Flash Player 7.0.69.0...

CVE-2002-2414

Opera 6.0.3, when used with Squid 2.4 as an HTTPS proxy, does not properly handle accepting a non-global certificate authority (CA) certificate from a site before establishing a subsequent HTTPS connection, which can allow remote attackers to cause a denial of service (crash). The connected docum...

CVE-2002-2414

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority CA certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service crash...

GLSA-200710-31 : Opera: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200710-31 Opera: Multiple vulnerabilities Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different...

Opera: Multiple vulnerabilities

Background Opera is a multi-platform web browser. Description Michael A. Puls II discovered an unspecified flaw when launching external email or newsgroup clients CVE-2007-5541. David Bloom discovered that when displaying frames from different websites, the same-origin policy is not correctly...

Opera browser multiple security vulnerabilities

Code execution, crossite access...

[ GLSA 200710-31 ] Opera: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200710-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

CVE-2002-2358

Cross-site scripting XSS vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL...

CVE-2002-2358

CVE-2002-2358 is an XSS vulnerability in Opera’s FTP view feature (versions 6.0 and 6.01–6.04) allowing injection of arbitrary script/HTML via the title tag of an FTP URL. Connected sources (e.g., Red Hat CVE page) corroborate the same description. The vulnerability arises from unsafe handling of...

CVE-2002-2312

Technical details about CVE-2002-2312 are not publicly available in the provided connected documents. The available records repeat the basic description without added affected versions, impact specifics, or remediation guidance. Monitor for updates from official advisories.

CVE-2002-2332

CVE-2002-2332 concerns a buffer overflow in Opera 6.01 triggered by an IMG tag with oversized width/height attributes, enabling a remote attacker to cause a denial-of-service crash. The connected documents confirm the issue but do not provide exploitation details or a fix. No remediation is speci...

CVE-2002-2312

Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript 1 event.ctrlKey or 2 event.shiftKey onkeydown event contained in a webpage...

CVE-2002-2332

Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service crash via an IMG tag with large width and height attributes...

FreeBSD : opera -- multiple vulnerabilities (44224e08-8306-11dc-9283-0016179b2dd5)

An advisory from Opera reports : If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accessing frames from...