CVE-2008-4199
https://notcve.org/view.php?id=CVE-2008-4199
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation." Opera anterior a v9.52 no previene del uso de enlaces de páginas web a archivos fuente feed en el disco local, lo cual puede permitir a atacantes remotos determinar la validez de nombres de archivo locales a través de vectores involucrando "detección de eventos JavaScript y manipulación apropiada". • http://bugs.gentoo.org/show_bug.cgi?id=235298 http://secunia.com/advisories/31549 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securitytracker.com/id?1020722 http://www.openwall.com/lists/oss-security/2008/09/19/2 http://www.openwall.com/lists/oss-security/2008/09/24/4 http://www.opera.com/docs/changelogs/freebsd/952 http://www.opera.com/docs/changelogs/linux/952 http://www.opera.com/docs/changelogs/mac/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-3078
https://notcve.org/view.php?id=CVE-2008-3078
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. Opera anterior a 9.51, no maneja de forma adecuada la memoria en funciones que soportan el elemento CANVAS, esto permite a atacantes remotos leer contenidos de memoria no iniciada utilizando JavaScript para leer el lienzo de la imagen. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html http://secunia.com/advisories/30935 http://secunia.com/advisories/31339 http://www.opera.com/docs/changelogs/freebsd/951 http://www.opera.com/docs/changelogs/linux/951 http://www.opera.com/docs/changelogs/mac/951 http://www.opera.com/docs/changelogs/solaris/951 http://www.opera.com/docs/changelogs/windows/951 http://www.opera.com/support/search/view/887 http://www.securityfocus.com/bid/30068 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-2715
https://notcve.org/view.php?id=CVE-2008-2715
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. Vulnerabilidad no especificada en Opera anterior a 9.5 permite a atacantes remotos leer imágenes de dominios cruzados mediante elementos HTML CANVAS que utilizan imágenes como patrones. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html http://secunia.com/advisories/30636 http://secunia.com/advisories/30682 http://www.opera.com/docs/changelogs/linux/950/#security http://www.opera.com/docs/changelogs/windows/950/#security http://www.opera.com/support/search/view/883 http://www.securityfocus.com/bid/29684 http://www.securitytracker.com/id?1020291 http://www.vupen.com/english/advisories/2008/1812 https://exchange.xforce.ibmcloud.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-2714
https://notcve.org/view.php?id=CVE-2008-2714
Opera before 9.26 allows remote attackers to misrepresent web page addresses using "certain characters" that "cause the page address text to be misplaced." Opera anterior a la v9.26, permite a atacantes remotos deformar la dirección de una página web empleando "ciertos caracteres" que "provocan que el texto de la dirección de la página sea modificado". • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html http://secunia.com/advisories/30636 http://secunia.com/advisories/30682 http://www.opera.com/docs/changelogs/linux/950/#security http://www.opera.com/docs/changelogs/windows/950/#security http://www.opera.com/support/search/view/878 http://www.securityfocus.com/bid/29684 http://www.vupen.com/english/advisories/2008/1812 https://exchange.xforce.ibmcloud.com/vulnerabilities/43035 •
CVE-2008-1762 – Opera Web Browser 9.26 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1762
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. Opera versiones anteriores a 9.27, permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un patrón de imagen escalado diseñado en un elemento CANVAS de HTML, que desencadena corrupción de memoria. • https://www.exploit-db.com/exploits/31594 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://secunia.com/advisories/29662 http://secunia.com/advisories/29679 http://secunia.com/advisories/29735 http://security.gentoo.org/glsa/glsa-200804-14.xml http://www.opera.com/docs/changelogs/linux/927 http://www.opera.com/support/search/view/882 http://www.securityfocus.com/bid/28585 http://www.vupen.com/english/advisories/2008/1084/references https: • CWE-399: Resource Management Errors •