Opera < 9.63 Multiple Vulnerabilities

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by several
issues.

Description :

The version of Opera installed on the remote host is earlier than 9.63
and is therefore reportedly affected by several issues :

- It may be possible to execute arbitrary code on the
remote system by manipulating certain text-area
contents. (920)

- It may be possible to crash the remote browser using
certain HTML constructs or inject code under certain
conditions. (921)

- It may be possible to trigger a buffer overflow, and
potentially execute arbitrary code, by tricking a
user into clicking on a URL that contains exceptionally
long host names. (922)

- While previewing news feeds, Opera does not correctly
block certain scripted URLs. Such scripts, if not
blocked, may be able to subscribe a user to other
arbitrary feeds and view contents of the feeds to which
the user is currently subscribed. (923)

- By displaying content using XSLT as escaped strings, it
may be possible for a website to inject scripted
markup. (924)

- SSL server certificates are not properly validated due
to an unspecified error. (CVE-2012-1251)

See also :

http://www.opera.com/support/kb/view/920
http://www.opera.com/support/kb/view/921
http://www.opera.com/support/kb/view/922
http://www.opera.com/support/kb/view/923
http://www.opera.com/support/kb/view/924
http://www.opera.com/docs/changelogs/windows/963/
http://jvn.jp/en/jp/JVN39707339/index.html

Solution :

Upgrade to Opera 9.63 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 35185

Bugtraq ID: 32323
32864
32891

CVE ID: CVE-2008-5178
CVE-2012-1251
