FreeBSD : opera -- image dragging vulnerability (934b1de4-00d7-11da-bc08-0001020eed82)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

A Secunia Advisory reports :

Secunia Research has discovered a vulnerability in Opera, which can be
exploited by malicious people to conduct cross-site scripting attacks
and retrieve a user's files.

The vulnerability is caused due to Opera allowing a user to drag e.g.
an image, which is actually a 'javascript:' URI, resulting in
cross-site scripting if dropped over another site. This may also be
used to populate a file upload form, resulting in uploading of
arbitrary files to a malicious web site.

Successful exploitation requires that the user is tricked into
dragging and dropping e.g. an image or a link.

See also :

http://www.opera.com/freebsd/changelogs/802/
http://www.nessus.org/u?9f46541e

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19351 (freebsd_pkg_934b1de400d711dabc080001020eed82.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now