opera

• Author: vmiklos
• Vulnerable: 9.20-1terminus1
• Unaffected: 9.22-1terminus1

1. Robert Swiecki has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to an error in the handling of the “data:” URI scheme. This can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar when a user follows a specially crafted link.
2. A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user’s system The vulnerability is caused due to Opera using already freed memory when parsing BitTorrent headers and can lead to an invalid object pointer being dereferenced. This can be exploited to execute arbitrary code, when the user is tricked into clicking on a specially crafted BitTorrent file and then removes it via a right-click from the download pane.

• Bug Tracker URL: http://bugs.frugalware.org/task/2266

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3819
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3929