FreeBSD : opera -- 'data:' URI handler spoofing vulnerability (20c9bb14-81e6-11d9-a9e7-0001020eed82)
Medium Nessus Plugin ID 18865
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA Secunia Advisory reports :
Michael Holzt has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files.
The vulnerability is caused due to an error in the processing of 'data:' URIs, causing wrong information to be shown in a download dialog. This can be exploited by e.g. a malicious website to trick users into executing a malicious file by supplying a specially crafted 'data:' URI.
SolutionUpdate the affected packages.