CVE-2008-4195
https://notcve.org/view.php?id=CVE-2008-4195
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script. Opera anterior a v9.52 no restringe adecuadamente la habilidad de una página web enmarcada a cambiar la dirección asociada con un marco diferente, lo cual permite a atacantes remotos provocar la muestra de una dirección arbitraria en un marco a través del uso no especificado de secuencia de comandos web. • http://secunia.com/advisories/31549 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.openwall.com/lists/oss-security/2008/09/19/2 http://www.openwall.com/lists/oss-security/2008/09/24/4 http://www.opera.com/docs/changelogs/freebsd/952 http://www.opera.com/docs/changelogs/linux/952 http://www.opera.com/docs/changelogs/mac/952 http://www.opera.com/docs/changelogs/solaris/952 http://www.opera.com/docs/c • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4196
https://notcve.org/view.php?id=CVE-2008-4196
Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Opera anterior a v9.52 que permite a los atacantes remotos insertar una secuencia arbitraria de comandos web o HTML a través de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=235298 http://secunia.com/advisories/31549 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.openwall.com/lists/oss-security/2008/09/19/2 http://www.openwall.com/lists/oss-security/2008/09/24/4 http://www.opera.com/docs/changelogs/freebsd/952 http://www.opera.com/docs/changelogs/linux/952 http://www.opera.com/docs/changelogs/mac/952 http://www.opera.com/docs/cha • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4198
https://notcve.org/view.php?id=CVE-2008-4198
Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page. Opera anterior a v9.52, cuando se renderiza un página http que tiene cargada una página https en un marco, muestra un icono de un candado que ofrece un diálogo con información de seguridad informando de que la conexión es segura, lo cual puede permitir a atacantes remotos engañar a un usuario, haciendo que realice acciones no seguras en la página http. • http://bugs.gentoo.org/show_bug.cgi?id=235298 http://secunia.com/advisories/31549 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.openwall.com/lists/oss-security/2008/09/19/2 http://www.openwall.com/lists/oss-security/2008/09/24/4 http://www.opera.com/docs/changelogs/freebsd/952 http://www.opera.com/docs/changelogs/linux/952 http://www.opera.com/docs/changelogs/mac/952 http://www.opera.com/docs/cha •
CVE-2008-4199
https://notcve.org/view.php?id=CVE-2008-4199
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." Opera anterior a v9.52 no previene del uso de enlaces de páginas web a archivos fuente feed en el disco local, lo cual puede permitir a atacantes remotos determinar la validez de nombres de archivo locales a través de vectores involucrando "detección de eventos JavaScript y manipulación apropiada". • http://bugs.gentoo.org/show_bug.cgi?id=235298 http://secunia.com/advisories/31549 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securitytracker.com/id?1020722 http://www.openwall.com/lists/oss-security/2008/09/19/2 http://www.openwall.com/lists/oss-security/2008/09/24/4 http://www.opera.com/docs/changelogs/freebsd/952 http://www.opera.com/docs/changelogs/linux/952 http://www.opera.com/docs/changelogs/mac/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-3078
https://notcve.org/view.php?id=CVE-2008-3078
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. Opera anterior a 9.51, no maneja de forma adecuada la memoria en funciones que soportan el elemento CANVAS, esto permite a atacantes remotos leer contenidos de memoria no iniciada utilizando JavaScript para leer el lienzo de la imagen. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html http://secunia.com/advisories/30935 http://secunia.com/advisories/31339 http://www.opera.com/docs/changelogs/freebsd/951 http://www.opera.com/docs/changelogs/linux/951 http://www.opera.com/docs/changelogs/mac/951 http://www.opera.com/docs/changelogs/solaris/951 http://www.opera.com/docs/changelogs/windows/951 http://www.opera.com/support/search/view/887 http://www.securityfocus.com/bid/30068 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •