FreeBSD : opera -- multiple vulnerabilities (0e30e802-a9db-11dd-93a2-000bcdf0a03b)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Opera reports :

When certain parameters are passed to Opera's History Search, they can
cause content not to be correctly sanitized. This can allow scripts to
be injected into the History Search results page. Such scripts can
then run with elevated privileges and interact with Opera's
configuration, allowing them to execute arbitrary code.

The links panel shows links in all frames on the current page,
including links with JavaScript URLs. When a page is held in a frame,
the script is incorrectly executed on the outermost page, not the page
where the URL was located. This can be used to execute scripts in the
context of an unrelated frame, which allows cross-site scripting.

See also :

http://www.opera.com/support/search/view/906/
http://www.opera.com/support/search/view/907/
http://www.nessus.org/u?83481bfd

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34688 (freebsd_pkg_0e30e802a9db11dd93a2000bcdf0a03b.nasl)

Bugtraq ID:

CVE ID: CVE-2008-4794

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now