Signature Detail
Short Name |
HTTP:STC:OPERA:OPERA-CONFIG |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Opera 'opera:config' Security Bypass Vulnerability |
Release Date |
2010/08/20 |
Update Number |
1757 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Opera 'opera:config' Security Bypass Vulnerability
This signature detects Web pages containing dangerous function calls. A malicious Web site can exploit a known vulnerability in the Opera Web Browser and gain control of the client browser by bypassing security restrictions in the browser settings.
Extended Description
Opera is prone to a security-bypass vulnerability because it fails to adequately restrict access through 'iframe' scripts. Attackers can leverage this issue to alter the browser's configuration settings and potentially execute arbitrary code. Versions prior to Opera 9.20 are vulnerable.
Affected Products
- Opera Software Opera Web Browser 5.0.0 2 Win32
- Opera Software Opera Web Browser 5.0.0 Linux
- Opera Software Opera Web Browser 5.0.0 Mac
- Opera Software Opera Web Browser 5.12.0
- Opera Software Opera Web Browser 6.0.0
- Opera Software Opera Web Browser 6.0.0 6
- Opera Software Opera Web Browser 6.0.1
- Opera Software Opera Web Browser 7.10.0
- Opera Software Opera Web Browser 7.11.0
- Opera Software Opera Web Browser 7.11.0 B
- Opera Software Opera Web Browser 7.11.0 J
- Opera Software Opera Web Browser 7.20.0
- Opera Software Opera Web Browser 7.20.0 Beta 1 Build 2981
- Opera Software Opera Web Browser 7.21.0
- Opera Software Opera Web Browser 7.22.0
- Opera Software Opera Web Browser 7.23.0
- Opera Software Opera Web Browser 7.50.0
- Opera Software Opera Web Browser 7.51.0
- Opera Software Opera Web Browser 7.52.0
- Opera Software Opera Web Browser 7.53.0
- Opera Software Opera Web Browser 7.54.0
- Opera Software Opera Web Browser 8.0.0
- Opera Software Opera Web Browser 8.0.0 1
- Opera Software Opera Web Browser 8.0.0 2
- Opera Software Opera Web Browser 8.0.2
- Opera Software Opera Web Browser 8.50.0
- Opera Software Opera Web Browser 8.51.0
- Opera Software Opera Web Browser 8.52
- Opera Software Opera Web Browser 8.53
- Opera Software Opera Web Browser 8.54
- Opera Software Opera Web Browser 8 Beta 3
- Opera Software Opera Web Browser 9
- Opera Software Opera Web Browser 9.01
- Opera Software Opera Web Browser 9.02
- Opera Software Opera Web Browser 9.10
References
- BugTraq: 41927
- URL: http://www.opera.com/