Kaspersky Threats

Detect date

?

10/30/2019

Severity

?

High

Description

Multiple vulnerabilities were found in Opera Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

Cross-origin data leak vulnerability can be exploited to arbitrary code execution;
Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing;
URL spoof vulnerability in navigation can be exploited to arbitrary code execution;
Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution;
Unspecified vulnerability in libexpat can be exploited remotely via specially designed XML-file to obtain sensitive information;
File download protection bypass vulnerability can be exploited to arbitrary code execution;
Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution;
Use-after-free vulnerability in media can be exploited to arbitrary code execution;
IDN spoof vulnerability can be exploited to arbitrary code execution;
CSP bypass vulnerability can be exploited to arbitrary code execution;
CSS injection vulnerability can be exploited to arbitrary code execution;
Cross-context information leak vulnerability can be exploited to arbitrary code execution;
Extension permission bypass vulnerability can be exploited to arbitrary code execution;
Service worker state error vulnerability can be exploited to arbitrary code execution;
Address bar spoofing vulnerability can be exploited to arbitrary code execution;
Use after free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service;
File storage disclosure vulnerability can be exploited to arbitrary code execution;
URL bar spoofing vulnerability can be exploited to arbitrary code execution;
Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution;
HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;

Affected products

Opera erlier than 65.0.3467.24

Solution

Update to the latest version
Download Opera

Original advisories

Changelog for Opera 65
Stable Channel Update for Desktop

Impacts

?

ACE

[?]

DoS

[?]

SB

[?]

SUI

[?]

Related products

Opera

CVE-IDS

?

Find out the statistics of the vulnerabilities spreading in your region

Detect date ?	10/30/2019
Severity ?	High
Description	Multiple vulnerabilities were found in Opera Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: Cross-origin data leak vulnerability can be exploited to arbitrary code execution; Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing; URL spoof vulnerability in navigation can be exploited to arbitrary code execution; Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution; Unspecified vulnerability in libexpat can be exploited remotely via specially designed XML-file to obtain sensitive information; File download protection bypass vulnerability can be exploited to arbitrary code execution; Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution; Use-after-free vulnerability in media can be exploited to arbitrary code execution; IDN spoof vulnerability can be exploited to arbitrary code execution; CSP bypass vulnerability can be exploited to arbitrary code execution; CSS injection vulnerability can be exploited to arbitrary code execution; Cross-context information leak vulnerability can be exploited to arbitrary code execution; Extension permission bypass vulnerability can be exploited to arbitrary code execution; Service worker state error vulnerability can be exploited to arbitrary code execution; Address bar spoofing vulnerability can be exploited to arbitrary code execution; Use after free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service; File storage disclosure vulnerability can be exploited to arbitrary code execution; URL bar spoofing vulnerability can be exploited to arbitrary code execution; Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution; HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;
Affected products	Opera erlier than 65.0.3467.24
Solution	Update to the latest version Download Opera
Original advisories	Changelog for Opera 65 Stable Channel Update for Desktop
Impacts ?	ACE [?] DoS [?] SB [?] SUI [?]
Related products	Opera
CVE-IDS ?	CVE-2019-136996.8High CVE-2019-137006.8High CVE-2019-137014.3Warning CVE-2019-137026.8High CVE-2019-137034.3Warning CVE-2019-137044.3Warning CVE-2019-137054.3Warning CVE-2019-137066.8High CVE-2019-137074.3Warning CVE-2019-137084.3Warning CVE-2019-137094.3Warning CVE-2019-137104.3Warning CVE-2019-137115.0Critical CVE-2019-159035.0Critical CVE-2019-137134.3Warning CVE-2019-137144.3Warning CVE-2019-137154.3Warning CVE-2019-137164.3Warning CVE-2019-137174.3Warning CVE-2019-137184.3Warning CVE-2019-137194.3Warning CVE-2019-137654.3Warning
	Find out the statistics of the vulnerabilities spreading in your region

KLA11714Multiple vulnerabilities in Opera

KLA11714
Multiple vulnerabilities in Opera