Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.gentoo.org/show_bug.cgi?id=235298 - | |
References | () http://secunia.com/advisories/31549 - Vendor Advisory | |
References | () http://secunia.com/advisories/32538 - Vendor Advisory | |
References | () http://security.gentoo.org/glsa/glsa-200811-01.xml - | |
References | () http://securitytracker.com/id?1020722 - | |
References | () http://www.openwall.com/lists/oss-security/2008/09/19/2 - | |
References | () http://www.openwall.com/lists/oss-security/2008/09/24/4 - | |
References | () http://www.opera.com/docs/changelogs/freebsd/952/ - | |
References | () http://www.opera.com/docs/changelogs/linux/952/ - | |
References | () http://www.opera.com/docs/changelogs/mac/952/ - | |
References | () http://www.opera.com/docs/changelogs/solaris/952/ - | |
References | () http://www.opera.com/docs/changelogs/windows/952/ - | |
References | () http://www.opera.com/support/search/view/896/ - | |
References | () http://www.securityfocus.com/bid/30768 - | |
References | () http://www.vupen.com/english/advisories/2008/2416 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/44557 - |
Information
Published : 2008-09-27 10:30
Updated : 2024-11-21 00:51
NVD link : CVE-2008-4199
Mitre link : CVE-2008-4199
CVE.ORG link : CVE-2008-4199
JSON object : View
Products Affected
opera
- opera_browser
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor