Opera < 11.62 Multiple Vulnerabilities

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is potentially affected
by multiple vulnerabilities.

Description :

The version of Opera installed on the remote Windows host is earlier
than 11.62 and is, therefore, potentially affected by multiple
vulnerabilities :

- The download dialog box can be displayed in a very
small window, tricking a user into not realizing
it is open. Certain keyboard entries after this can
lead the user to take unintended actions. (Issue #1010)

- The download dialog box can be hidden behind certain
page content, tricking a user into not realizing
it is open. Certain user actions after this can lead
the user to take unintended actions. (Issue #1011)

- Improper restrictions after the use of
'history.pushState' and 'history.replaceState' can
allow information disclosure of state data when cross-
domain frames are in use. (Issue #1012)

- Dialog boxes can cause the application to display an
incorrect address in the URL bar. (Issue #1013)

- Certain webpage reloading timing issues can cause the
application to display incorrect information in the URL
bar. (Issue #1014)

See also :

http://www.opera.com/support/kb/view/1010/
http://www.opera.com/support/kb/view/1011/
http://www.opera.com/support/kb/view/1012/
http://www.opera.com/support/kb/view/1013/
http://www.opera.com/support/kb/view/1014/
http://www.opera.com/docs/changelogs/windows/1162/

Solution :

Upgrade to Opera 11.62 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 58583

Bugtraq ID: 52731

CVE ID: CVE-2012-1924
CVE-2012-1925
CVE-2012-1926
CVE-2012-1927
CVE-2012-1928
