FreeBSD : opera -- multiple vulnerabilities (225bc349-ce10-11dd-a721-0030843d3802)

High Nessus Plugin ID 35240


The remote FreeBSD host is missing one or more security-related updates.


The Opera Team reports :

Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code.

Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed.

Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it.

When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to.
These may contain sensitive information.

Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the security context of that site.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 35240

File Name: freebsd_pkg_225bc349ce1011dda7210030843d3802.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2008/12/21

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/12/19

Vulnerability Publication Date: 2008/11/18

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Reference Information

CVE: CVE-2008-5178

Secunia: 32752

CWE: 119