KLA11714
Multiple vulnerabilities in Opera

Updated: 06/03/2020
Detect date: 10/30/2019
Severity: High
Description

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, or cause denial of service.

Below is a complete list of vulnerabilities:

  1. Cross-origin data leak vulnerability can be exploited to execute arbitrary code;
  2. Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing;
  3. URL spoof vulnerability in navigation can be exploited to execute arbitrary code;
  4. Out-of-bounds read vulnerability in PDFium can be exploited to execute arbitrary code;
  5. Unspecified vulnerability in libexpat can be exploited remotely via a specially crafted XML file to obtain sensitive information;
  6. File download protection bypass vulnerability can be exploited to execute arbitrary code;
  7. Privilege elevation vulnerability in Installer can be exploited to execute arbitrary code;
  8. Use-after-free vulnerability in media can be exploited to execute arbitrary code;
  9. IDN spoof vulnerability can be exploited to execute arbitrary code;
  10. CSP bypass vulnerability can be exploited to execute arbitrary code;
  11. CSS injection vulnerability can be exploited to execute arbitrary code;
  12. Cross-context information leak vulnerability can be exploited to execute arbitrary code;
  13. Extension permission bypass vulnerability can be exploited to execute arbitrary code;
  14. Service worker state error vulnerability can be exploited to execute arbitrary code;
  15. Address bar spoofing vulnerability can be exploited to execute arbitrary code;
  16. Use-after-free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service;
  17. File storage disclosure vulnerability can be exploited to execute arbitrary code;
  18. URL bar spoofing vulnerability can be exploited to execute arbitrary code;
  19. Buffer overrun vulnerability in Blink can be exploited to execute arbitrary code;
  20. HTTP authentication spoof vulnerability can be exploited to execute arbitrary code.
Affected products

Opera earlier than 65.0.3467.24

Solution

Update to the latest version
Download Opera

Original advisories

Changelog for Opera 65
Stable Channel Update for Desktop

Impacts

ACE, DoS, SUI

Related products
Opera
CVE-IDS

CVE-2019-13699  6.8  High
CVE-2019-13700  6.8  High
CVE-2019-13701  4.3  Warning
CVE-2019-13702  6.8  High
CVE-2019-13703  4.3  Warning
CVE-2019-13704  4.3  Warning
CVE-2019-13705  4.3  Warning
CVE-2019-13706  6.8  High
CVE-2019-13707  4.3  Warning
CVE-2019-13708  4.3  Warning
CVE-2019-13709  4.3  Warning
CVE-2019-13710  4.3  Warning
CVE-2019-13711  5.0  Critical
CVE-2019-15903  5.0  Critical
CVE-2019-13713  4.3  Warning
CVE-2019-13714  4.3  Warning
CVE-2019-13715  4.3  Warning
CVE-2019-13716  4.3  Warning
CVE-2019-13717  4.3  Warning
CVE-2019-13718  4.3  Warning
CVE-2019-13719  4.3  Warning
CVE-2019-13765  4.3  Warning