CVE-2008-4199 Information

Description

Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk which might allow remote attackers to determine the validity of local filenames via vectors involving \detection of JavaScript events and appropriate manipulation.\

Reference

http://bugs.gentoo.org/show_bug.cgi?id=235298 http://secunia.com/advisories/31549 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://securitytracker.com/id?1020722 http://www.openwall.com/lists/oss-security/2008/09/19/2 http://www.openwall.com/lists/oss-security/2008/09/24/4 http://www.opera.com/docs/changelogs/freebsd/952/ http://www.opera.com/docs/changelogs/linux/952/ http://www.opera.com/docs/changelogs/mac/952/ http://www.opera.com/docs/changelogs/solaris/952/ http://www.opera.com/docs/changelogs/windows/952/ http://www.opera.com/support/search/view/896/ http://www.securityfocus.com/bid/30768 http://www.vupen.com/english/advisories/2008/2416 https://exchange.xforce.ibmcloud.com/vulnerabilities/44557