Opera Cookie Handling Weakness and Unspecified Vulnerability

by Carol~ Moderator - 4/4/13 8:12 AM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

Release Date : 2013-04-04

Criticality level : Moderately critical
Impact : Exposure of sensitive information
Unknown
Where : From remote
Solution Status: Vendor Patch

Software: Opera 12.x

Description:
A weakness and a vulnerability have been reported in Opera, where one has an unknown impact and the other can be exploited by malicious people to disclose potentially sensitive information.

1) The weakness is caused due to the application allowing cookies to be set for top-level domains, which may lead to the cookie being exposed to other websites under the same top-level domain.

2) An unspecified error exists. No further information is currently available.

The weakness and a vulnerability are reported in version 12.14. Prior versions may also be affected.

Solution:
Update to version 12.15.

Provided and/or discovered by:
1) Reported by the vendor
2) The vendor credits Attila Suszter

Original Advisory:
Opera:
http://www.opera.com/docs/changelogs/unified/1215/

http://secunia.com/advisories/52859/