Opera < 10.60 Multiple Vulnerabilities

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities

Description :

The version of Opera installed on the remote host is earlier than
10.60. Such versions are potentially affected by the following
issues :

- A delay, inserted after a user clicks on a link, is not
functioning correctly and allows a user's double-click
to interact with the download dialog immediately. This
can allow unexpected execution of programs from the
website if the download dialog appears under the pointer
location. (957)

- Files, whose filename and path have been pulled from
the clipboard, may be unintentionally uploaded to a
server without user authorization. This does require
the user to have focused a file input and pasted the
clipboard contents. (958)

See also :

http://www.opera.com/docs/changelogs/windows/1060/
http://www.opera.com/support/kb/view/957/
http://www.opera.com/support/kb/view/958/

Solution :

Upgrade to Opera 10.60 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 47583 ()

Bugtraq ID: 41284
41669

CVE ID: CVE-2010-2657
CVE-2010-2658
CVE-2010-2662
CVE-2010-2663
CVE-2010-2664

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now