Detections
Analytics

GLSA-200407-15 : Opera: Multiple spoofing vulnerabilities

medium Nessus Plugin ID 14548

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200407-15 (Opera: Multiple spoofing vulnerabilities)

 Opera fails to remove illegal characters from an URI of a link and to check that the target frame of a link belongs to the same website as the link.
 Opera also updates the address bar before loading a page. Additionally, Opera contains a certificate verification problem.
 Impact :

 These vulnerabilities could allow an attacker to impersonate legitimate websites to steal sensitive information from users. This could be done by obfuscating the real URI of a link or by injecting a malicious frame into an arbitrary frame of another browser window.
 Workaround :

 There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

Solution

All Opera users should upgrade to the latest stable version:
 # emerge sync # emerge -pv '>=www-client/opera-7.53' # emerge '>=www-client/opera-7.53'

See Also

https://secuniaresearch.flexerasoftware.com/advisories/11978/

https://secuniaresearch.flexerasoftware.com/advisories/12028/

https://www.opera.com/computer/linux

https://security.gentoo.org/glsa/200407-15

Plugin Details

Severity: Medium

ID: 14548

File Name: gentoo_GLSA-200407-15.nasl

Version: 1.16

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:opera, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 7/20/2004

Reference Information

BID: 10517

GLSA: 200407-15