Opera < 11.50 Multiple Vulnerabilities

critical Nessus Plugin ID 55470

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Opera installed on the remote Windows host is earlier than 11.50 and thus potentially affected by multiple vulnerabilities:

- An error exists in the handling of data URIs that allows cross-site scripting in some unspecified cases. (Issue #995)

- An error exists in the browser's handling of error pages. Opera generates error pages in response to an invalid URL. If enough invalid URLs are attempted, the host's disk space is eventually filled, the browser crashes and the error files are left behind. (Issue #996)

- An additional, moderately severe and unspecified error exists. Details regarding this error are to be released in the future. (CVE-2011-2610)

- Several unspecified errors exist that can cause application crashes. Affected items or functionaility are: printing, unspecified web content, JavaScript Array.prototype.join method, drawing paths with many characters, selecting text nodes, iframes, closed or removed pop-up windows, moving audio or video elements between windows, canvas elements, SVG items, CSS files, form layouts, web workers, SVG BiDi, large tables and print preview, select elements with many items, and the src attribute of the iframe element.
(CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, CVE-2011-2614, CVE-2011-2615, CVE-2011-2616, CVE-2011-2617, CVE-2011-2618, CVE-2011-2619, CVE-2011-2620, CVE-2011-2621, CVE-2011-2622, CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627)

Solution

Upgrade to Opera 11.50 or later.

See Also

http://web.archive.org/web/20130223103501/http://www.opera.com/support/kb/view/995/

http://web.archive.org/web/20130223103505/http://www.opera.com/support/kb/view/996/

http://web.archive.org/web/20170912120426/http://www.opera.com/docs/changelogs/windows/1150/

Plugin Details

Severity: Critical

ID: 55470

File Name: opera_1150.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 6/30/2011

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Required KB Items: SMB/Opera/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/28/2011

Vulnerability Publication Date: 6/28/2011

Reference Information

CVE: CVE-2011-1337, CVE-2011-2609, CVE-2011-2610, CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, CVE-2011-2614, CVE-2011-2615, CVE-2011-2616, CVE-2011-2617, CVE-2011-2618, CVE-2011-2619, CVE-2011-2620, CVE-2011-2621, CVE-2011-2622, CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627

BID: 48500, 48501, 48556, 48568

Secunia: 45060