FreeBSD : opera -- multiple vulnerabilities (38daea4f-2851-11e2-9483-14dae938ec40)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Opera reports :

CORS (Cross-Origin Resource Sharing) allows web pages to retrieve the
contents of pages from other sites, with their permission, as they
would appear for the current user. When requests are made in this way,
the browser should only allow the page content to be retrieved if the
target site sends the correct headers that give permission for their
contents to be used in this way. Specially crafted requests may trick
Opera into thinking that the target site has given permission when it
had not done so. This can result in the contents of any target page
being revealed to untrusted sites, including any sensitive information
or session IDs contained within the source of those pages.

Also reported are vulnerabilities involving SVG graphics and XSS.

See also :

http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/
http://www.nessus.org/u?85db4a52

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 62832 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now