Opera < 10.61 Multiple Vulnerabilities

High Nessus Plugin ID 48317


The remote host contains a web browser that is affected by multiple vulnerabilities


The version of Opera installed on the remote host is earlier than 10.61. Such versions are potentially affected by the following issues :

- A heap overflow when performing painting operations on an HTML5 canvas can result in execution of arbitrary code. (966)

- An issue with tab focus is open to an attack where it is used to obscure a download dialog that is in another tab. The user can be tricked into clicking on buttons in the dialog, resulting in the downloaded file being executed. (967)

- Certain types of content concerning the news feed preview do not have their scripts removed properly, possibly resulting in subscription of feeds without the user's consent. (968)

- Loading an animated PNG image may cause high CPU usage with no response from the browser. (CVE-2010-3021)

- An error exists in the handling of 'SELECT' HTML elements having a very large 'size' attribute. This error can allow memory corruption and possibly allows remote code execution. (CVE-2011-1824)


Upgrade to Opera 10.61 or later.

See Also






Plugin Details

Severity: High

ID: 48317

File Name: opera_1061.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2010/08/12

Modified: 2012/02/09

Dependencies: 21746

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Required KB Items: SMB/Opera/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/08/12

Vulnerability Publication Date: 2010/08/12

Reference Information

CVE: CVE-2010-2576, CVE-2010-3019, CVE-2010-3020, CVE-2010-3021, CVE-2011-1824

BID: 42407, 47764

OSVDB: 67201, 67202, 67203, 67204, 74176

Secunia: 40120