Описание
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-4199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44557
- http://bugs.gentoo.org/show_bug.cgi?id=235298
- http://secunia.com/advisories/31549
- http://secunia.com/advisories/32538
- http://security.gentoo.org/glsa/glsa-200811-01.xml
- http://securitytracker.com/id?1020722
- http://www.openwall.com/lists/oss-security/2008/09/19/2
- http://www.openwall.com/lists/oss-security/2008/09/24/4
- http://www.opera.com/docs/changelogs/freebsd/952
- http://www.opera.com/docs/changelogs/linux/952
- http://www.opera.com/docs/changelogs/mac/952
- http://www.opera.com/docs/changelogs/solaris/952
- http://www.opera.com/docs/changelogs/windows/952
- http://www.opera.com/support/search/view/896
- http://www.securityfocus.com/bid/30768
- http://www.vupen.com/english/advisories/2008/2416
Связанные уязвимости
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."