Opera < 10.61 Multiple Vulnerabilities

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.

Synopsis :

The remote host contains a web browser that is affected by multiple

Description :

The version of Opera installed on the remote host is earlier than
10.61. Such versions are potentially affected by the following
issues :

- A heap overflow when performing painting operations on
an HTML5 canvas can result in execution of arbitrary
code. (966)

- An issue with tab focus is open to an attack
where it is used to obscure a download dialog that is in
another tab. The user can be tricked into clicking on
buttons in the dialog, resulting in the downloaded file
being executed. (967)

- Certain types of content concerning the news feed
preview do not have their scripts removed properly,
possibly resulting in subscription of feeds without
the user's consent. (968)

- Loading an animated PNG image may cause high CPU usage
with no response from the browser. (CVE-2010-3021)

- An error exists in the handling of 'SELECT' HTML
elements having a very large 'size' attribute. This
error can allow memory corruption and possibly allows
remote code execution. (CVE-2011-1824)

See also :


Solution :

Upgrade to Opera 10.61 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 48317 ()

Bugtraq ID: 42407

CVE ID: CVE-2010-2576

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now