FreeBSD : opera -- multiple vulnerabilities (31b045e7-ae75-11dc-a5f9-001a4d49522b)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Opera Software ASA reports about multiple security fixes :

- Fixed an issue where plug-ins could be used to allow cross domain
scripting, as reported by David Bloom. Details will be disclosed at a
later date.

- Fixed an issue with TLS certificates that could be used to execute
arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details
will be disclosed at a later date.

- Rich text editing can no longer be used to allow cross domain
scripting, as reported by David Bloom. See our advisory.

- Prevented bitmaps from revealing random data from memory, as
reported by Gynvael Coldwind. Details will be disclosed at a later
date.

See also :

http://www.opera.com/docs/changelogs/freebsd/925/
http://www.opera.com/support/search/view/875/
http://www.nessus.org/u?e99ce367

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 29771 (freebsd_pkg_31b045e7ae7511dca5f9001a4d49522b.nasl)

Bugtraq ID:

CVE ID: CVE-2007-6520
CVE-2007-6521
CVE-2007-6522
CVE-2007-6524

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now