Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2009-3266
Last Modified 19 Oct 2010 03:06:32
Published 18 Sep 2009 06:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3266

Summary

Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content."

Vulnerable Systems

Application

  • Opera Browser 10.00

  • Opera Browser 10.01

  • Opera Browser 10.10

  • Opera Browser 10.50

  • Opera Browser 10.51

  • Opera Browser 10.52

  • Opera Browser 10.53

  • Opera Browser 5.0

  • Opera Browser 5.02

  • Opera Browser 5.10

  • Opera Browser 5.11

  • Opera Browser 5.12

  • Opera Browser 6.0

  • Opera Browser 6.01

  • Opera Browser 6.02

  • Opera Browser 6.03

  • Opera Browser 6.04

  • Opera Browser 6.05

  • Opera Browser 6.06

  • Opera Browser 6.1

  • Opera Browser 6.11

  • Opera Browser 6.12

  • Opera Browser 7.0

  • Opera Browser 7.01

  • Opera Browser 7.02

  • Opera Browser 7.03

  • Opera Browser 7.10

  • Opera Browser 7.11

  • Opera Browser 7.20

  • Opera Browser 7.21

  • Opera Browser 7.22

  • Opera Browser 7.23

  • Opera Browser 7.50

  • Opera Browser 7.51

  • Opera Browser 7.52

  • Opera Browser 7.53

  • Opera Browser 7.54

  • Opera Browser 7.60

  • Opera Browser 8.0

  • Opera Browser 8.00

  • Opera Browser 8.01

  • Opera Browser 8.02

  • Opera Browser 8.50

  • Opera Browser 8.51

  • Opera Browser 8.52

  • Opera Browser 8.53

  • Opera Browser 8.54

  • Opera Browser 9.0

  • Opera Browser 9.00

  • Opera Browser 9.01

  • Opera Browser 9.02

  • Opera Browser 9.10

  • Opera Browser 9.12

  • Opera Browser 9.20

  • Opera Browser 9.21

  • Opera Browser 9.22

  • Opera Browser 9.23

  • Opera Browser 9.24

  • Opera Browser 9.25

  • Opera Browser 9.26

  • Opera Browser 9.27

  • Opera Browser 9.50

  • Opera Browser 9.51

  • Opera Browser 9.52

  • Opera Browser 9.60

  • Opera Browser 9.61

  • Opera Browser 9.62

  • Opera Browser 9.63

  • Opera Browser 9.64


References

CONFIRM - http://www.opera.com/docs/changelogs/windows/1001/

CONFIRM - http://www.opera.com/docs/changelogs/unix/1001/

CONFIRM - http://www.opera.com/docs/changelogs/mac/1001/

XF - opera-feed-security-bypass(54021)

VUPEN - ADV-2009-3073

BID - 36850

BID - 36418

BUGTRAQ - 20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more

OSVDB - 59358

CONFIRM - http://www.opera.com/support/kb/view/939/

MISC - http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/

MISC - http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/

SECUNIA - 37182

BUGTRAQ - 20091028 Hijacking Opera's Native Page using malicious RSS payloads


Last Updated: 27 May 2016 10:51:12