FreeBSD : opera -- multiple vulnerabilities (d6b092bd-61e1-11da-b64c-0001020eed82)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Opera reports :

It is possible to make a form input that looks like an image link. If
the form input has a 'title' attribute, the status bar will show the
'title'. A 'title' which looks like a URL can mislead the user, since
the title can say http://nice.familiar.com/, while the form action can
be something else.

Opera's tooltip says 'Title:' before the title text, making a spoof
URL less convincing. A user who has enabled the status bar and
disabled tooltips can be affected by this. Neither of these settings
is Opera's default.

This exploit is mostly of interest to users who disable JavaScript. If
JavaScript is enabled, any link target or form action can be
overridden by the script. The tooltip and the status bar can only be
trusted to show the true location if JavaScript is disabled.

Java code using LiveConnect methods to remove a property of a
JavaScript object may in some cases use NULL pointers that can make
Opera crash. This crash is not exploitable and such code is rare on
the web.

See also :

http://www.opera.com/support/search/supsearch.dml?index=817
http://www.opera.com/support/search/supsearch.dml?index=819
http://www.nessus.org/u?527a1f8d

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21517 (freebsd_pkg_d6b092bd61e111dab64c0001020eed82.nasl)

Bugtraq ID:

CVE ID: CVE-2005-3699
