Opera < 11.50 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Opera installed on the remote Windows host is earlier
than 11.50 and thus potentially affected by multiple vulnerabilities:

- An error exists in the handling of data URIs that
allows cross-site scripting in some unspecified cases.
(Issue #995)

- An error exists in the browser's handling of error
pages. Opera generates error pages in response to an
invalid URL. If enough invalid URLs are attempted, the
host's disk space is eventually filled, the browser
crashes and the error files are left behind.
(Issue #996)

- An additional, moderately severe and unspecified error
exists. Details regarding this error are to be released
in the future. (CVE-2011-2610)

- Several unspecified errors exist that can cause
application crashes. Affected items or functionaility
are: printing, unspecified web content, JavaScript
Array.prototype.join method, drawing paths with many
characters, selecting text nodes, iframes,
closed or removed pop-up windows, moving audio or
video elements between windows, canvas elements, SVG
items, CSS files, form layouts, web workers, SVG BiDi,
large tables and print preview, select elements with
many items, and the src attribute of the iframe element.
(CVE-2011-2611, CVE-2011-2612, CVE-2011-2613,
CVE-2011-2614, CVE-2011-2615, CVE-2011-2616,
CVE-2011-2617, CVE-2011-2618, CVE-2011-2619,
CVE-2011-2620, CVE-2011-2621, CVE-2011-2622,
CVE-2011-2623, CVE-2011-2624, CVE-2011-2625,
CVE-2011-2626, CVE-2011-2627)

See also :

http://www.opera.com/support/kb/view/995/
http://www.opera.com/support/kb/view/996/
http://www.opera.com/docs/changelogs/windows/1150/

Solution :

Upgrade to Opera 11.50 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true