Opera browser for Android contains an issue in the handling of intent scheme URL's.
Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
Base Metrics: 4.3 (Medium) [IPA Score]
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Affected Products
Opera Software ASA
Opera browser for Android versions prior to 18
Impact
When a user views a specially crafted page, the Opera browser for Android cookie file may be disclosed.
Solution
[Apply an Update]
Apply the appropriate update for the version of the software being used.
Vendor Information
Opera Software ASA
Opera : Security blog -- Security changes and features of Opera 19
CWE (What is CWE?)
Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)
CVE-2014-0815
References
JVN : JVN#23256725
Revision History
[2014/02/06]
Web page was published