KLA11714
Multiple vulnerabilities in Opera
Updated: 05/22/2020
Detect date
10/30/2019
Severity
High
Description

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, or cause denial of service.

Below is a complete list of vulnerabilities:

  1. Cross-origin data leak vulnerability can be exploited to execute arbitrary code;
  2. Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing;
  3. URL spoof vulnerability in navigation can be exploited to execute arbitrary code;
  4. Out-of-bounds read vulnerability in PDFium can be exploited to execute arbitrary code;
  5. Unspecified vulnerability in libexpat can be exploited remotely via a specially designed XML file to obtain sensitive information;
  6. File download protection bypass vulnerability can be exploited to execute arbitrary code;
  7. Privilege elevation vulnerability in Installer can be exploited to execute arbitrary code;
  8. Use-after-free vulnerability in media can be exploited to execute arbitrary code;
  9. IDN spoof vulnerability can be exploited to execute arbitrary code;
  10. CSP bypass vulnerability can be exploited to execute arbitrary code;
  11. CSS injection vulnerability can be exploited to execute arbitrary code;
  12. Cross-context information leak vulnerability can be exploited to execute arbitrary code;
  13. Extension permission bypass vulnerability can be exploited to execute arbitrary code;
  14. Service worker state error vulnerability can be exploited to execute arbitrary code;
  15. Address bar spoofing vulnerability can be exploited to execute arbitrary code;
  16. Use-after-free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service;
  17. File storage disclosure vulnerability can be exploited to execute arbitrary code;
  18. URL bar spoofing vulnerability can be exploited to execute arbitrary code;
  19. Buffer overrun vulnerability in Blink can be exploited to execute arbitrary code;
  20. HTTP authentication spoof vulnerability can be exploited to execute arbitrary code.
Affected products

Opera earlier than 65.0.3467.24

Solution

Update to the latest version
Download Opera

Original advisories

Changelog for Opera 65
Stable Channel Update for Desktop

Impacts
ACE

DoS

SUI
Related products
Opera
CVE-IDS
CVE-2019-13699 0.0 Unknown
CVE-2019-13700 0.0 Unknown
CVE-2019-13701 0.0 Unknown
CVE-2019-13702 0.0 Unknown
CVE-2019-13703 0.0 Unknown
CVE-2019-13704 0.0 Unknown
CVE-2019-13705 0.0 Unknown
CVE-2019-13706 0.0 Unknown
CVE-2019-13707 0.0 Unknown
CVE-2019-13708 0.0 Unknown
CVE-2019-13709 0.0 Unknown
CVE-2019-13710 0.0 Unknown
CVE-2019-13711 0.0 Unknown
CVE-2019-15903 0.0 Unknown
CVE-2019-13713 0.0 Unknown
CVE-2019-13714 0.0 Unknown
CVE-2019-13715 0.0 Unknown
CVE-2019-13716 0.0 Unknown
CVE-2019-13717 0.0 Unknown
CVE-2019-13718 0.0 Unknown
CVE-2019-13719 0.0 Unknown
CVE-2019-13765 0.0 Unknown