FreeBSD : opera -- image dragging vulnerability (934b1de4-00d7-11da-bc08-0001020eed82)

High Nessus Plugin ID 19351


The remote FreeBSD host is missing one or more security-related updates.


A Secunia Advisory reports :

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and retrieve a user's files.

The vulnerability is caused due to Opera allowing a user to drag e.g.
an image, which is actually a 'javascript:' URI, resulting in cross-site scripting if dropped over another site. This may also be used to populate a file upload form, resulting in uploading of arbitrary files to a malicious web site.

Successful exploitation requires that the user is tricked into dragging and dropping e.g. an image or a link.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 19351

File Name: freebsd_pkg_934b1de400d711dabc080001020eed82.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2005/08/01

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/07/30

Vulnerability Publication Date: 2005/07/28

Reference Information

Secunia: 15756