CVE-2012-4142

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.opera.com/support/kb/view/1026/	Vendor Advisory
http://www.opera.com/docs/changelogs/mac/1166/
http://www.opera.com/docs/changelogs/mac/1201/
http://www.opera.com/docs/changelogs/windows/1201/
http://www.opera.com/docs/changelogs/unix/1201/

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:opera:opera_browser::::::::
	cpe:2.3:a:opera:opera_browser:12.00:beta::::::

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:microsoft:windows::::::::

Configuration 2 (hide)

AND

OR	cpe:2.3:a:opera:opera_browser:11.52.1100:::::::*
	cpe:2.3:a:opera:opera_browser:11.52:::::::*
	cpe:2.3:a:opera:opera_browser:11.51:::::::*
	cpe:2.3:a:opera:opera_browser:11.50:beta::::::
	cpe:2.3:a:opera:opera_browser:11.50:::::::*
	cpe:2.3:a:opera:opera_browser:10.10:::::::*
	cpe:2.3:a:opera:opera_browser:10.52:::::::*
	cpe:2.3:a:opera:opera_browser:10.53:::::::*
	cpe:2.3:a:opera:opera_browser:10.54:::::::*
	cpe:2.3:a:opera:opera_browser:10.53:b::::::
	cpe:2.3:a:opera:opera_browser:12.00:::::::*
	cpe:2.3:a:opera:opera_browser:10.61:::::::*
	cpe:2.3:a:opera:opera_browser:10.52:beta2::::::
	cpe:2.3:a:opera:opera_browser:11.60:beta::::::
	cpe:2.3:a:opera:opera_browser:10.00:::::::*
	cpe:2.3:a:opera:opera_browser:10.00:beta3::::::
	cpe:2.3:a:opera:opera_browser:11.10:::::::*
	cpe:2.3:a:opera:opera_browser:10.51:::::::*
	cpe:2.3:a:opera:opera_browser:12.00:beta::::::
	cpe:2.3:a:opera:opera_browser:11.62:::::::*
	cpe:2.3:a:opera:opera_browser:10.11:::::::*
	cpe:2.3:a:opera:opera_browser:10.50:beta1::::::
	cpe:2.3:a:opera:opera_browser:11.00:beta::::::
	cpe:2.3:a:opera:opera_browser:10.53:beta1::::::
	cpe:2.3:a:opera:opera_browser:11.01:::::::*
	cpe:2.3:a:opera:opera_browser:10.00:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.00:beta2::::::
	cpe:2.3:a:opera:opera_browser::::::::
	cpe:2.3:a:opera:opera_browser:10.63:::::::*
	cpe:2.3:a:opera:opera_browser:10.10:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.01:::::::*
	cpe:2.3:a:opera:opera_browser:11.11:::::::*
	cpe:2.3:a:opera:opera_browser:11.64:::::::*
	cpe:2.3:a:opera:opera_browser:11.60:::::::*
	cpe:2.3:a:opera:opera_browser:10.50:::::::*
	cpe:2.3:a:opera:opera_browser:10.62:::::::*
	cpe:2.3:a:opera:opera_browser:11.10:beta::::::
	cpe:2.3:a:opera:opera_browser:10.60:beta1::::::
	cpe:2.3:a:opera:opera_browser:11.61:::::::*
	cpe:2.3:a:opera:opera_browser:10.52:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.50:beta2::::::
	cpe:2.3:a:opera:opera_browser:10.60:::::::*
	cpe:2.3:a:opera:opera_browser:11.00:::::::*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Information

Published : 2012-08-06 09:55

Updated : 2012-08-06 21:00

NVD link : CVE-2012-4142

Mitre link : CVE-2012-4142

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

apple

mac_os_x

opera

opera_browser

microsoft

windows

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.opera.com/support/kb/view/1026/", "name": "http://www.opera.com/support/kb/view/1026/", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.opera.com/docs/changelogs/mac/1166/", "name": "http://www.opera.com/docs/changelogs/mac/1166/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.opera.com/docs/changelogs/mac/1201/", "name": "http://www.opera.com/docs/changelogs/mac/1201/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.opera.com/docs/changelogs/windows/1201/", "name": "http://www.opera.com/docs/changelogs/windows/1201/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.opera.com/docs/changelogs/unix/1201/", "name": "http://www.opera.com/docs/changelogs/unix/1201/", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-4142", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2012-08-06T16:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.00"}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:12.00:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.52.1100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.50:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.53:b:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:12.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.52:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.60:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.00:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:12.00:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.50:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.00:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.53:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.00:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.00:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.65"}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.10:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.10:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.60:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.52:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.50:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-08-07T04:00Z"}

4.3 /10