CVE-2009-3832 — MEDIUM (5.8)

Q: What is CVE-2009-3832?

CVE-2009-3832 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

Q: How severe is CVE-2009-3832?

CVE-2009-3832 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3832?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser, Microsoft Windows.

Vulnerability Description

Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:P

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Opera	Opera Browser	< 10.01
Microsoft	Windows	All versions

Related Weaknesses (CWE)

CWE-601

References

http://secunia.com/advisories/37182Broken Link
http://www.opera.com/docs/changelogs/windows/1001/Broken LinkVendor Advisory
http://www.opera.com/support/kb/view/940/Broken LinkVendor Advisory
http://www.osvdb.org/59359Broken Link
http://www.securityfocus.com/bid/36850Broken LinkPatchThird Party Advisory
http://www.vupen.com/english/advisories/2009/3073Broken LinkPatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54022Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Tool Signature
http://secunia.com/advisories/37182Broken Link
http://www.opera.com/docs/changelogs/windows/1001/Broken LinkVendor Advisory
http://www.opera.com/support/kb/view/940/Broken LinkVendor Advisory
http://www.osvdb.org/59359Broken Link
http://www.securityfocus.com/bid/36850Broken LinkPatchThird Party Advisory
http://www.vupen.com/english/advisories/2009/3073Broken LinkPatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54022Third Party AdvisoryVDB Entry

FAQ

What is CVE-2009-3832?

CVE-2009-3832 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.

How severe is CVE-2009-3832?

CVE-2009-3832 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3832?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser, Microsoft Windows.