Rapid7 Vulnerability & Exploit Database

SuSE: opera 8.50-2.1

Back to Search

SuSE: opera 8.50-2.1

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
01/01/2005
Created
07/25/2018
Added
11/08/2005
Modified
11/18/2015

Description

Two problems were found in the Opera Mail client.

  1. Attached files are opened without any warnings directly from the user's cache directory. This can be exploited to execute arbitrary JavaScript in context of "file://".
  2. Normally, filename extensions are determined by the "Content-Type" in Opera Mail. However, by appending an additional '.' to the end of a filename, an HTML file could be spoofed to be e.g. "image.jpg.".

The two vulnerabilities combined may be exploited to conduct script insertion attacks if the user chooses to view an attachment named e.g. "image.jpg." e.g. resulting in disclosure of local files.

Solution(s)

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;