FreeBSD : opera -- image dragging vulnerability (934b1de4-00d7-11da-bc08-0001020eed82)

high Nessus Plugin ID 19351

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A Secunia Advisory reports:

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and retrieve a user's files.

The vulnerability is caused due to Opera allowing a user to drag e.g. an image, which is actually a 'javascript:' URI, resulting in cross-site scripting if dropped over another site. This may also be used to populate a file upload form, resulting in uploading of arbitrary files to a malicious website.

Successful exploitation requires that the user is tricked into dragging and dropping e.g. an image or a link.

Solution

Update the affected packages.

See Also

https://blogs.opera.com/desktop/

http://www.nessus.org/u?e2f3ef40

Plugin Details

Severity: High

ID: 19351

File Name: freebsd_pkg_934b1de400d711dabc080001020eed82.nasl

Version: 1.14

Type: local

Published: 8/1/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/30/2005

Vulnerability Publication Date: 7/28/2005

Reference Information

Secunia: 15756