oss-sec mailing list archives
Re: CVE request: Opera <9.27 Multiple issues
From: "Steven M. Christey" <coley () linus mitre org>
Date: Sat, 12 Apr 2008 15:15:59 -0400 (EDT)
On Fri, 11 Apr 2008, Robert Buchholz wrote:
* Improved keyboard handling of password inputs, as reported by
Trystan S.
--------------
I have no idea what the third vulnerability actually means.
Me neither... ====================================================== Name: CVE-2008-1761 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1761 Reference: CONFIRM:http://www.opera.com/support/search/view/881/ Reference: BID:28585 Reference: URL:http://www.securityfocus.com/bid/28585 Reference: FRSIRT:ADV-2008-1084 Reference: URL:http://www.frsirt.com/english/advisories/2008/1084/references Reference: SECUNIA:29662 Reference: URL:http://secunia.com/advisories/29662 Reference: XF:opera-newsfeed-code-execution(41625) Reference: URL:http://xforce.iss.net/xforce/xfdb/41625 Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. ====================================================== Name: CVE-2008-1762 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1762 Reference: CONFIRM:http://www.opera.com/support/search/view/882/ Reference: BID:28585 Reference: URL:http://www.securityfocus.com/bid/28585 Reference: FRSIRT:ADV-2008-1084 Reference: URL:http://www.frsirt.com/english/advisories/2008/1084/references Reference: SECUNIA:29662 Reference: URL:http://secunia.com/advisories/29662 Reference: XF:opera-htmlcanvas-code-execution(41627) Reference: URL:http://xforce.iss.net/xforce/xfdb/41627 Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers a memory corruption. ====================================================== Name: CVE-2008-1764 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1764 Reference: CONFIRM:http://www.opera.com/docs/changelogs/windows/927/ Unspecified vulnerability in Opera for Windows before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
Current thread:
- CVE request: Opera <9.27 Multiple issues Robert Buchholz (Apr 10)
- Re: CVE request: Opera <9.27 Multiple issues Steven M. Christey (Apr 12)
- Re: CVE request: Opera <9.27 Multiple issues Robert Buchholz (Apr 12)
- Re: CVE request: Opera <9.27 Multiple issues Steven M. Christey (Apr 12)