Vulnerabilities > CVE-2010-1993 - Resource Management Errors vulnerability in Opera Browser 9.52

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
opera
CWE-399
nessus
NVD
Published: 2010-05-20
Updated: 2018-10-10

Summary

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.

Vulnerable Configurations

Part Description Count
Application
Opera
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_OPERA-100708.NASL
    descriptionOpera was upgraded to the 10.60 release. It brings lots of new features, bugfixes and security fixes. Security fixes include: CVE-2010-0653: Opera permits cross-origin loading of CSS style sheets even when the style sheet download has an incorrect MIME type and the style sheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. CVE-2010-1993: Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
    last seen2020-06-01
    modified2020-06-02
    plugin id47731
    published2010-07-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47731
    titleopenSUSE Security Update : opera (openSUSE-SU-2010:0368-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59631
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59631
    titleGLSA-201206-03 : Opera: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_OPERA-100708.NASL
    descriptionOpera was upgraded to the 10.60 release. It brings lots of new features, bugfixes and security fixes. Security fixes include: CVE-2010-0653: Opera permits cross-origin loading of CSS style sheets even when the style sheet download has an incorrect MIME type and the style sheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. CVE-2010-1993: Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
    last seen2020-06-01
    modified2020-06-02
    plugin id75690
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75690
    titleopenSUSE Security Update : opera (openSUSE-SU-2010:0370-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_OPERA-100708.NASL
    descriptionOpera was upgraded to the 10.60 release. It brings lots of new features, bugfixes and security fixes. Security fixes include: CVE-2010-0653: Opera permits cross-origin loading of CSS style sheets even when the style sheet download has an incorrect MIME type and the style sheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. CVE-2010-1993: Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
    last seen2020-06-01
    modified2020-06-02
    plugin id47725
    published2010-07-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47725
    titleopenSUSE Security Update : opera (openSUSE-SU-2010:0368-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_OPERA-100708.NASL
    descriptionOpera was upgraded to the 10.60 release. It brings lots of new features, bugfixes and security fixes. Security fixes include: CVE-2010-0653: Opera permits cross-origin loading of CSS style sheets even when the style sheet download has an incorrect MIME type and the style sheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. CVE-2010-1993: Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
    last seen2020-06-01
    modified2020-06-02
    plugin id47728
    published2010-07-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47728
    titleopenSUSE Security Update : opera (openSUSE-SU-2010:0368-1)

Oval

accepted2013-12-23T04:00:06.897-05:00
classvulnerability
contributors
  • nameNikita MR
    organizationSecPod Technologies
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentOpera Browser is installed
ovaloval:org.mitre.oval:def:6482
descriptionOpera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
familywindows
idoval:org.mitre.oval:def:11952
statusaccepted
submitted2010-08-03T10:31:45.529
titleibute.
version12

References