PT-2019-15959 · Opera · Opera For Android

Published

2019-12-18

Updated

2020-01-23

CVE-2019-19788

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Opera for Android versions prior to 54.0.2669.49432

Description The issue allows an attacker to bypass normal sandboxing attributes by using a service working inside a sandboxed iframe. This enables forced redirections without user interaction from a third-party context.

Recommendations For Opera for Android versions prior to 54.0.2669.49432, update to version 54.0.2669.49432 or later to resolve the issue. As a temporary workaround, consider restricting the use of iframes from third-party contexts to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-19788

Affected Products

Opera For Android

PT-2019-15959 · Opera · Opera For Android

CVE-2019-19788

Related Identifiers

Affected Products

References · 4