Detections
Analytics

Opera < 11.50 Multiple Vulnerabilities

medium Log Correlation Engine Plugin ID 800843

Synopsis

The remote host has a web browser installed that is affected by a memory corruption vulnerability.

Description

The remote host is running the Opera web browser.

Versions of Opera earlier than 11.50 are potentially affected by multiple vulnerabilities :

- An error in the handling of data URIs that allows cross-site scripting in some unspecified cases. (Issue 995)

 - An error exists in the browser's handling of error pages. Opera generates error pages in response to an invalid URL. If enough invalid URLs are attempted, the host's disk space is eventually filled, the browser crashes and the error files are left behind. (Issue 996)

 - An additional, moderately severe and unspecified error exists. Details regarding this error are to be released in the future. (CVE-2011-2610)

 - Several unspecified errors exist that can cause application crashes. Affected items or functionality are : printing, unspecified web content, JavaScript, Array.prototype.join method, drawing paths with many characters, selecting text nodes, iframes, closed or removed pop-up windows, moving audio or video elements between windows, canvas elements, SVG items, CSS files, form layouts, web workers, SVG BiDi, large tables and print preview, select elements with many items, and the src attribute of the iframe element. (CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, CVE-2011-2614, CVE-2011-2615, CVE-2011-2616, CVE-2011-2617, CVE-2011-2618, CVE-2011-2619, CVE-2011-2620, CVE-2011-2621, CVE-2011-2622, CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627)

Solution

Upgrade to Opera 11.50 or later.

See Also

http://.opera.com/docs/changelogs/windows/1150

http://.opera.com/support/kb/view/995

http://.opera.com/support/kb/view/996

Plugin Details

Severity: Medium

ID: 800843

Family: Web Clients

Published: 6/29/2011

Nessus ID: 55470

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Patch Publication Date: 6/28/2011

Vulnerability Publication Date: 6/28/2011

Reference Information

CVE: CVE-2011-1337, CVE-2011-2609, CVE-2011-2610, CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, CVE-2011-2614, CVE-2011-2615, CVE-2011-2616, CVE-2011-2617, CVE-2011-2618, CVE-2011-2619, CVE-2011-2620, CVE-2011-2621, CVE-2011-2622, CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627

BID: 48500, 48501, 48556