FreeBSD : opera -- multiple vulnerabilities (31b045e7-ae75-11dc-a5f9-001a4d49522b)

critical Nessus Plugin ID 29771

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Opera Software ASA reports multiple security fixes:

- Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date.

- Fixed an issue with TLS certificates that could be used to execute arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details will be disclosed at a later date.

- Rich text editing can no longer be used to allow cross domain scripting, as reported by David Bloom. See our advisory.

- Prevented bitmaps from revealing random data from memory, as reported by Gynvael Coldwind. Details will be disclosed at a later date.

Solution

Update the affected packages.

See Also

https://help.opera.com/en/latest/

http://www.nessus.org/u?727499ab

http://www.nessus.org/u?97c5c7bf

Plugin Details

Severity: Critical

ID: 29771

File Name: freebsd_pkg_31b045e7ae7511dca5f9001a4d49522b.nasl

Version: 1.18

Type: local

Published: 12/24/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/19/2007

Vulnerability Publication Date: 12/19/2007

Reference Information

CVE: CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6524

CWE: 200, 310, 79