PT-2012-1000 · Opera · Opera
Publicado
2012-06-14
·
Atualizado
2012-06-15
·
CVE-2012-3556
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Opera versions prior to 11.65
Description
The issue is related to the handling of double clicks on pop-up windows, allowing an attacker to create a pop-up window that, upon the first click, displays an additional form in the cursor area, and upon the second click, executes arbitrary code. This makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.
Recommendations
For Opera versions prior to 11.65, update to version 11.65 or later to resolve the issue. As a temporary workaround, consider avoiding the use of double clicks on pop-up windows until the update is applied.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Opera