Opera Web浏览器9.52版本修复多个安全漏洞
Opera Software Opera <9.52
Will not be affected system:
Opera Software Opera 9.52
Description: BUGTRAQ ID: 30768
Opera is a popular WEB browser, support for multiple platforms.
Opera’s version 9.52 before in a number of safety loopholes, and could allow a malicious user implementation of deception and cross-site scripting, leaking sensitive information or complete invasion of a user’s system.
1) When the Opera as a processor implementation of the agreement when there is an error, could lead to the collapse or execution of arbitrary code. The flaw affects only the Windows platform on the Opera.
2) the page can change the pop-up window to open the frame address other sites, which could lead to a trusted site in the frame to load malicious content.
3) deal with custom shortcuts and menu command when there is an error, allowing for the risk parameters of the implementation of applications. The successful use of this loophole to lure users request to amend the shortcut menu or documents.
4) In the report can safely visit the site when there are loopholes, an attacker can be unsafe in the frame included in the site content will be unsafe for the safety of the site.
5) Check whether the website link to the local paper, there are errors, an attacker can link to the local feed source and determine the existence of the local system files.
6) in dealing with news sources at the request of subscribers there are loopholes, allowing an attacker to be changed to address field malicious Web addresses, misleading customers.
<* Source: Chris Weber
Lars Kleinscht
Links: http://secunia.com/advisories/31549/
http://www.opera.com/docs/changelogs/windows/952/
http://www.opera.com/support/search/view/892/
http://www.opera.com/support/search/view/893/
http://www.opera.com/support/search/view/894/
http://www.opera.com/support/search/view/895/
http://www.opera.com/support/search/view/896/
http://www.opera.com/support/search/view/897/
*>
Recommendations:
————————————————– ——————————
Manufacturers patch:
Opera Software
————–
At present vendors have released updates to fix this security issue, go to vendors to download the home page:
http://www.opera.com/download/index.dml?custom=yes
受影响系统:
Opera Software Opera < 9.52
不受影响系统:
Opera Software Opera 9.52
描述:BUGTRAQ ID: 30768
Opera是一款流行的WEB浏览器,支持多种平台。
Opera的9.52之前版本中存在多个安全漏洞,可能允许恶意用户执行欺骗和跨站脚本、泄露敏感信息或完全入侵用户系统。
1) 当Opera作为协议处理器执行时存在错误,可能导致崩溃或执行任意代码。这个漏洞仅影响Windows平台上的Opera。
2) 网页可以更改弹出窗口中打开的其他站点帧的地址,这可能导致向可信任站点帧中加载恶意内容。
3) 处理自定义快捷方式和菜单命令时存在错误,允许以危险的参数执行应用程序。成功利用这个漏洞要求能够诱骗用户修改快捷方式或菜单文件。
4) 在报告站点可以安全浏览时存在漏洞,攻击者可以通过在帧中包含不安全站点的内容将不安全的站点报告为安全。
5) 在检查网页是否链接到本地文件时存在错误,攻击者可以链接到本地feed源并判断本地系统是否存在文件。
6) 在处理新闻源订阅请求时存在漏洞,允许攻击者将地址字段更改为恶意网页的地址,误导用户。
<*来源:Chris Weber
Lars Kleinscht
链接:http://secunia.com/advisories/31549/
http://www.opera.com/docs/changelogs/windows/952/
http://www.opera.com/support/search/view/892/
http://www.opera.com/support/search/view/893/
http://www.opera.com/support/search/view/894/
http://www.opera.com/support/search/view/895/
http://www.opera.com/support/search/view/896/
http://www.opera.com/support/search/view/897/
*>
建议:
——————————————————————————–
厂商补丁:
Opera Software
————–
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.opera.com/download/index.dml?custom=yes
Subscribe Feed
Contact Us