[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- Opera Manipulating fonts in SVG
From:       Yves-Alexis Perez <corsac () debian ! org>
Date:       2011-10-28 11:45:16
Message-ID: 1319802316.20049.9.camel () scapa
[Download RAW message or body]


On ven., 2011-10-28 at 07:17 -0400, Sean Amoss wrote:
> Can a CVE be assigned for the below issue?
> 
> "Certain font manipulations inside a dynamically added and
> specifically
> embedded SVG image can cause Opera to crash. Additional techniques can
> reliably be used in combination with this crash to allow execution of
> arbitrary code.
> 
> Opera Software has released Opera 11.52, where this issue has been
> fixed."
> 
> http://www.opera.com/support/kb/view/1002/
> http://spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html 

Note that *OSS*-sec is for Open Source Software, which Opera is not,
afair.

Regards,
-- 
Yves-Alexis

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]