FreeBSD : opera -- multiple vulnerabilities (0e30e802-a9db-11dd-93a2-000bcdf0a03b)

High Nessus Plugin ID 34688

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Opera reports:

When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them to execute arbitrary code.

The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

Solution

Update the affected packages.

See Also

http://www.opera.com/support/search/view/906/

http://www.opera.com/support/search/view/907/

http://www.nessus.org/u?83481bfd

Plugin Details

Severity: High

ID: 34688

File Name: freebsd_pkg_0e30e802a9db11dd93a2000bcdf0a03b.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2008/11/04

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2008/11/03

Vulnerability Publication Date: 2008/11/03

Reference Information

CVE: CVE-2008-4794

CWE: 20