| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability CVE-2012-1929
Opera: two vulnerabilities
Synthesis of the vulnerability
| An attacker can invite the victim to display a malicious site with Opera, in order to create a Cross Site Scripting or to detect if a file exists. |
Severity: 2/4.
Creation date: 24/01/2012.
|
Impacted products
Description of the vulnerability
Two vulnerabilities were announced in Opera.
An attacker can create an HTML page which changes a FRAME, in order to execute script code in the context of another web site. [severity:2/4; >]
An attacker can use a JavaScript event, in order to detect if a file exists on victim's computer. [severity:1/4; >] |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Opera: two vulnerabilities.
Keywords: Cross FRAME HTML JavaScript Opera Scripting Site vulnerabilities.
Identifiers: BID-51648, CVE-2012-1929, openSUSE-SU-2012:0247-1, openSUSE-SU-2012:0610-1, VIGILANCE-VUL-11315.
|
Solutions for this vulnerability
Supplements
Vulnerability : framed content
An attacker can create an HTML page which changes a FRAME, in order to execute script code in the context of another web site.
Severity: 2/4.
|
|
Vulnerability : local files
An attacker can use a JavaScript event, in order to detect if a file exists on victim's computer.
Severity: 1/4.
|
|
Computer vulnerabilities tracking service
Vigil@nce provides application vulnerability patches. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
|
