Info

Disclosure

Aug 30, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 30, 2012

Description

Opera contains a flaw that may allow an attacker to hide the file download dialogue by displaying it in a small box. This may allow the attacker to more easily trick a user into downloading the file by entering a certain keystroke sequence.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 12.02 or higher 11.67 (for Mac OS X) or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Opera Software ASA	Opera	12.01
		11.66

References

Security Tracker: 1027469
CVE ID: 2012-6460 (see also: NVD)
Secunia Advisory ID: 50381 50490 52447
Bugtraq ID: 55301
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-updates/2012-09/msg00038.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00081.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00088.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00098.html
http://www.opera.com/docs/changelogs/mac/1167/
http://www.opera.com/docs/changelogs/unified/1202/
Vendor Specific Advisory URL: http://www.opera.com/support/kb/view/1028/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85110

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Opera Software ASA

Opera

References

Credit