CVE-2008-4199

Opera < 9.52 - Exposure of Sensitive Information via Local Feed Source File Links

Title source: llm
STIX 2.1

Description

Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."

References (16)

Core 16
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2416
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/search/view/896/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32538
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/952/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/solaris/952/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44557
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1020722
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30768
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/952/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/linux/952/
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/24/4
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/19/2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31549
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=235298
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/freebsd/952/
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200811-01.xml

Scores

EPSS 0.0083
EPSS Percentile 74.7%

Details

CWE
CWE-200
Status published
Products (29)
opera/opera_browser 5.0 (8 CPE variants)
opera/opera_browser 5.02
opera/opera_browser 5.10
opera/opera_browser 5.11
opera/opera_browser 5.12
opera/opera_browser 6.0 (7 CPE variants)
opera/opera_browser 6.1 (2 CPE variants)
opera/opera_browser 6.01
opera/opera_browser 6.02
opera/opera_browser 6.03
... and 19 more
Published Sep 27, 2008
Tracked Since Feb 18, 2026