SuSE: opera 8.50-1.1
6
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
12/10/2004
07/25/2018
11/08/2005
11/18/2015
Description
Two problems were found in the Opera Mail client.
- Attached files are opened without any warnings directly from the user's cache directory. This can be exploited to execute arbitrary JavaScript in context of "file://".
- Normally, filename extensions are determined by the "Content-Type" in Opera Mail. However, by appending an additional '.' to the end of a filename, an HTML file could be spoofed to be e.g. "image.jpg.".
The two vulnerabilities combined may be exploited to conduct script insertion attacks if the user chooses to view an attachment named e.g. "image.jpg." e.g. resulting in disclosure of local files.
Solution(s)
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center