Vulnerability Details CVE-2007-4944
The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://osvdb.org/45946
- http://security.gentoo.org/glsa/glsa-200708-17.xml
- http://www.opera.com/docs/changelogs/freebsd/922/
- http://www.opera.com/docs/changelogs/linux/922/
- http://www.opera.com/docs/changelogs/solaris/922/
- http://www.opera.com/support/search/view/861/
- http://osvdb.org/45946
- http://security.gentoo.org/glsa/glsa-200708-17.xml
- http://www.opera.com/docs/changelogs/freebsd/922/
- http://www.opera.com/docs/changelogs/linux/922/
- http://www.opera.com/docs/changelogs/solaris/922/
- http://www.opera.com/support/search/view/861/
Products affected by CVE-2007-4944
-
cpe:2.3:a:opera:opera_browser:9.0
-
cpe:2.3:a:opera:opera_browser:9.01
-
cpe:2.3:a:opera:opera_browser:9.02
-
cpe:2.3:a:opera:opera_browser:9.10
-
cpe:2.3:a:opera:opera_browser:9.12
-
cpe:2.3:a:opera:opera_browser:9.20
-
cpe:2.3:a:opera:opera_browser:9.21