Vulnerabilities > CVE-2006-3331 - Unspecified vulnerability in Opera Browser

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
opera
nessus

Summary

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.

Vulnerable Configurations

Part Description Count
Application
Opera
94

Nessus

  • NASL familyWindows
    NASL idOPERA_900.NASL
    descriptionThe version of Opera installed on the remote host reportedly contains an issue that presents itself when the height and width parameters of a JPEG image are set excessively high, causing Opera to allocate insufficient memory for the image and crash as it tries to write to memory at the wrong location. In addition, it is reportedly affected by a flaw that may allow an attacker to display an SSL certificate from a trusted site on an untrusted one.
    last seen2020-06-01
    modified2020-06-02
    plugin id21786
    published2006-06-30
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21786
    titleOpera < 9.00 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21786);
      script_version("1.18");
    
      script_cve_id("CVE-2006-3198", "CVE-2006-3331");
      script_bugtraq_id(18594, 18692);
    
      script_name(english:"Opera < 9.00 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Opera");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    issues." );
     script_set_attribute(attribute:"description", value:
    "The version of Opera installed on the remote host reportedly contains
    an issue that presents itself when the height and width parameters of
    a JPEG image are set excessively high, causing Opera to allocate
    insufficient memory for the image and crash as it tries to write to
    memory at the wrong location. 
    
    In addition, it is reportedly affected by a flaw that may allow an
    attacker to display an SSL certificate from a trusted site on an
    untrusted one." );
     script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/438074/30/0/threaded" );
     script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20061016111151/http://www.opera.com/support/search/supsearch.dml?index=834" );
     script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2006-49/advisory/" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Opera version 9.00 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/30");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/22");
     script_cvs_date("Date: 2018/11/15 20:50:28");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
    script_end_attributes();
    
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
    
      script_dependencies("opera_installed.nasl");
      script_require_keys("SMB/Opera/Version_UI");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    version_ui = get_kb_item("SMB/Opera/Version_UI");
    if (isnull(version_ui)) exit(0);
    
    if (version_ui =~ "^([0-8]\.|9\.00 [Bb]eta)")
    {
      if (report_verbosity)
      {
        report = string(
          "\n",
          "Opera version ", version_ui, " is currently installed on the remote host.\n"
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2006_038.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:038 (opera). The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem: - CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code. - CVE-2006-3331: Opera did not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
    last seen2019-10-28
    modified2007-02-18
    plugin id24418
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24418
    titleSUSE-SA:2006:038: opera