CVE-2009-4071: XSS
First published: Tue Nov 24 2009(Updated: )
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opera | <=10.10 | |
| Opera | =7.0 | |
| Opera | =7.23 | |
| Opera | =7.53 | |
| Opera | =7.54 | |
| Opera | =7.60 | |
| Opera | =8.0 | |
| Opera | =8.01 | |
| Opera | =8.02 | |
| Opera | =8.50 | |
| Opera | =8.51 | |
| Opera | =8.52 | |
| Opera | =8.53 | |
| Opera | =8.54 | |
| Opera | =9.0 | |
| Opera | =9.01 | |
| Opera | =9.02 | |
| Opera | =9.10 | |
| Opera | =9.12 | |
| Opera | =9.20 | |
| Opera | =9.21 | |
| Opera | =9.22 | |
| Opera | =9.51 | |
| Opera | =9.52 | |
| Opera | =9.64 | |
| Opera | =10 | |
| Opera | =10.00 | |
| Opera | =10.00-beta_3 | |
| Opera | =10.01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.opera.com/docs/changelogs/windows/1010/
- http://www.securityfocus.com/bid/37089
- http://www.opera.com/support/kb/view/941/
- http://www.opera.com/docs/changelogs/mac/1010/
- http://www.opera.com/docs/changelogs/unix/1010/
- http://secunia.com/advisories/37469
- http://www.vupen.com/english/advisories/2009/3297
- http://osvdb.org/60527
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6385
Frequently Asked Questions
What is the severity of CVE-2009-4071?
CVE-2009-4071 has a moderate severity level due to its potential for cross-site scripting (XSS) and information disclosure.
How do I fix CVE-2009-4071?
To fix CVE-2009-4071, update your Opera browser to version 10.10 or newer.
What types of attacks can be executed using CVE-2009-4071?
CVE-2009-4071 can allow remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
Which versions of Opera are affected by CVE-2009-4071?
CVE-2009-4071 affects multiple versions of Opera prior to version 10.10, including versions 7.0 through 9.64.
Can user interaction trigger the vulnerabilities in CVE-2009-4071?
Yes, user interaction with a malicious website can trigger the vulnerabilities in CVE-2009-4071.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/opera
- canonical/opera
- version/opera/10.10
- version/opera/7.0
- version/opera/7.23
- version/opera/7.53
- version/opera/7.54
- version/opera/7.60
- version/opera/8.0
- version/opera/8.01
- version/opera/8.02
- version/opera/8.50
- version/opera/8.51
- version/opera/8.52
- version/opera/8.53
- version/opera/8.54
- version/opera/9.0
- version/opera/9.01
- version/opera/9.02
- version/opera/9.10
- version/opera/9.12
- version/opera/9.20
- version/opera/9.21
- version/opera/9.22
- version/opera/9.51
- version/opera/9.52
- version/opera/9.64
- version/opera/10
- version/opera/10.00
- version/opera/10.00-beta_3
- version/opera/10.01