Opera < 9.63 Multiple Vulnerabilities

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.

Synopsis :

The remote host contains a web browser that is affected by several

Description :

The version of Opera installed on the remote host is earlier than 9.63
and thus reportedly affected by several issues :

- It may be possible to execute arbitrary code on the
remote system by manipulating certain text-area
contents. (920)

- It may be possible to crash the remote browser using
certain HTML constructs or inject code under certain
conditions. (921)

- It may be possible to trigger a buffer overflow, and
potentially execute arbitrary code, by tricking an
user to click on a URL that contains exceptionally
long host names. (922)

- While previewing news feeds, Opera does not correctly
block certain scripted URLs. Such scripts, if not
blocked, may be able to subscribe a user to other
arbitrary feeds and view contents of the feeds to which
the user is currently subscribed. (923)

- By displaying content using XSLT as escaped strings, it
may be possible for a website to inject scripted
markup. (924)

- SSL server certificates are not properly validated due
to an unspecified error. (CVE-2012-1251)

See also :


Solution :

Upgrade to Opera 9.63 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 35185 ()

Bugtraq ID: 32323

CVE ID: CVE-2008-5178

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now