FreeBSD : opera -- multiple vulnerabilities (f5c4d7f7-9f4b-11dd-bab1-001999392805)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Opera reports :

Certain constructs are not escaped correctly by Opera's History Search
results. These can be used to inject scripts into the page, which can
then be used to look through the user's browsing history, including
the contents of the pages they have visited. These may contain
sensitive information.

If a link that uses a JavaScript URL triggers Opera's Fast Forward
feature, when the user activates Fast Forward, the script should run
on the current page. When a page is held in a frame, the script is
incorrectly executed on the outermost page, not the page where the URL
was located. This can be used to execute scripts in the context of an
unrelated frame, which allows cross-site scripting.

When Opera is previewing a news feed, some scripts are not correctly
blocked. These scripts are able to subscribe the user to any feed URL
that the attacker chooses, and can also view the contents of any feeds
that the user is subscribed to. These may contain sensitive
information.

See also :

http://www.opera.com/support/search/view/903/
http://www.opera.com/support/search/view/904/
http://www.opera.com/support/search/view/905/
http://www.nessus.org/u?e60d2fdb

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34508 (freebsd_pkg_f5c4d7f79f4b11ddbab1001999392805.nasl)

Bugtraq ID:

CVE ID: CVE-2008-4697
CVE-2008-4698
CVE-2008-4725

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now