Detections
Analytics
Opera < 10.54 Multiple Vulnerabilities
high Nessus Plugin ID 47113
Language:
Synopsis
The remote host contains a web browser that is affected by multiple vulnerabilitiesDescription
The version of Opera installed on the remote host is earlier than 10.54. Such versions are potentially affected by the following issues :- Web fonts may be used to trigger a privilege elevation vulnerability in the Windows operating system (MS10-032) (954)
- It may be possible to use data URIs in a cross-site scripting attack. (955)
- File inputs may disclose the path to selected files. (960)
- It may be possible to use certain characters for domain name spoofing. (961)
- It may be possible for a widget to use unrestricted file I/O to execute arbitrary code. (962)
Solution
Upgrade to Opera 10.54 or later.See Also
http://web.archive.org/web/20170901003657/http://www.opera.com/docs/changelogs/windows/1054/
http://web.archive.org/web/20130225211645/http://www.opera.com/support/kb/view/954/
http://www.opera.com/support/kb/view/955/
http://web.archive.org/web/20130225211652/http://www.opera.com/support/kb/view/960/
http://web.archive.org/web/20130225211648/http://www.opera.com/support/kb/view/961/
http://web.archive.org/web/20130223095723/http://www.opera.com/support/kb/view/962/
Plugin Details
Severity: High
ID: 47113
File Name: opera_1054.nasl
Version: 1.12
Type: local
Agent: windows
Family: Windows
Published: 6/22/2010
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:opera:opera_browser
Required KB Items: SMB/Opera/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 6/21/2010
Vulnerability Publication Date: 6/21/2010
Reference Information
CVE: CVE-2010-2421, CVE-2010-2660, CVE-2010-2661, CVE-2010-2665, CVE-2010-2666
BID: 40973
Secunia: 40250