ID CVE-2009-4071
Summary Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:10:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:10:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:10.00:beta_3:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:10.00:beta_3:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:*:beta_1:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:*:beta_1:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
oval via4
accepted 2013-12-23T04:01:47.949-05:00
class vulnerability
contributors
  • name Chandan S
    organization SecPod Technologies
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Opera Browser is installed
oval oval:org.mitre.oval:def:6482
description Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
family windows
id oval:org.mitre.oval:def:6385
status accepted
submitted 2009-11-26T01:37:29.630
title Opera before 10.10 allows to obtain sensitive information and XSS attacks
version 9
refmap via4
bid 37089
confirm
osvdb 60527
secunia 37469
vupen ADV-2009-3297
Last major update 30-10-2018 - 16:26
Published 24-11-2009 - 17:30
Last modified 30-10-2018 - 16:26
Back to Top