Opera < 11.62 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 800859

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host is running the Opera web browser.

Versions of Opera earlier than 11.62 are potentially affected by multiple vulnerabilities :

- Small windows can be used to trick users in to executing downloads. (Issue 1010)

- Overlapping content can trick users into executing downloads. (Issue 1011)

- History.state can leak the state data from cross domain pages. (Issue 1012)

- Web page dialogs can be used to display the wrong address in the address field. (Issue 1013)

- Carefully timed reloads and redirects can spoof the address field. (Issue 1014)

Solution

Upgrade to Opera 11.62 or later.

See Also

http://.opera.com/support/kb/view/1010

http://.opera.com/support/kb/view/1011

http://.opera.com/support/kb/view/1012

http://.opera.com/support/kb/view/1013

http://.opera.com/support/kb/view/1014

http://.opera.com/docs/changelogs/windows/1162

Plugin Details

Severity: High

ID: 800859

Family: Web Clients

Published: 3/28/2012

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 3/27/2012

Vulnerability Publication Date: 3/27/2012

Reference Information

BID: 52731