Opera < 12.10 Multiple Vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The version of Opera installed on the remote host is earlier than
12.10 and is, therefore, reportedly affected by the following
vulnerabilities :

- An error exists related to certificate revocation
checking that can allow the application to indicate
that a site is secure even though the check has not
completed. (1029)

- An error exists related to Cross-Origin Resource
Sharing (CORS) handling that can allow specially
crafted requests to aid in disclosing sensitive
data. (1030)

- An error exists related to data URIs that allows
bypassing of the 'Same Origin Policy' and cross-site
scripting attacks. (1031)

- An error exists related to JavaScript and native
objects that allows domains to override methods of
other domains. This error can aid in cross-site
scripting attacks. (1032)

- An error exists related to SVG image handling that
can result in arbitrary code execution. (1033)

- An error exists related to the handling of shortcuts
in inline elements that can cause the application to
be redirected to malicious pages. This error can aid
in phishing attacks. (1034)

- An error exists related to the handling of 'WebP'
images that can allow disclosure of memory contents.
(1035)

See also :

http://www.opera.com/support/kb/view/1029/
http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1032/
http://www.opera.com/support/kb/view/1033/
http://www.opera.com/support/kb/view/1034/
http://www.opera.com/support/kb/view/1035/
http://www.opera.com/docs/changelogs/unified/1210/

Solution :

Upgrade to Opera 12.10 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false