FreeBSD : opera -- multiple vulnerabilities (2eda0c54-34ab-11e0-8103-00215c6a37bb)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Opera reports :

Opera 11.01 is a recommended upgrade offering security and stability
enhancements.

The following security vulnerabilities have been fixed :

- Removed support for 'javascript:' URLs in CSS -o-link values, to
make it easier for sites to filter untrusted CSS.

- Fixed an issue where large form inputs could allow execution of
arbitrary code, as reported by Jordi Chancel; see our advisory.

- Fixed an issue which made it possible to carry out clickjacking
attacks against internal opera: URLs; see our advisory.

- Fixed issues which allowed web pages to gain limited access to files
on the user's computer; see our advisory.

- Fixed an issue where email passwords were not immediately deleted
when deleting private data; see our advisory.

See also :

http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://www.nessus.org/u?f985fc52

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 51928 ()

Bugtraq ID:

CVE ID: CVE-2011-0450
CVE-2011-0681
CVE-2011-0682
CVE-2011-0683
CVE-2011-0684
CVE-2011-0685
CVE-2011-0686
CVE-2011-0687

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now