Detections
Analytics
Opera < 12.13 Multiple Vulnerabilities
high Nessus Plugin ID 64363
Language:
Synopsis
The remote host contains a web browser that is affected by multiple vulnerabilities.Description
The version of Opera installed on the remote host is earlier than 12.13 and is, therefore, reportedly affected by the following vulnerabilities :- An error exists related to DOM manipulation that could lead to application crashes or arbitrary code execution. (1042)
- A use-after-free error exists related to SVG 'clipPaths' that could lead to memory corruption or arbitrary code execution. (1043)
- An error exists related to the TLS protocol, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (1044)
- The application could fail to make the proper 'pre- flight' Cross-Origin Resource Sharing (CORS) requests.
In some situations this error could aid an attacker in cross-site request forgery (CSRF) attacks. (1045)
- An unspecified, low severity issue exists that has an unspecified impact.
Solution
Upgrade to Opera 12.13 or later.See Also
http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
http://www.nessus.org/u?b6c8e28b
http://www.nessus.org/u?be318a6f
http://www.nessus.org/u?52e5bc38
Plugin Details
Severity: High
ID: 64363
File Name: opera_1213.nasl
Version: 1.14
Type: Local
Agent: windows
Family: Windows
Published: 1/30/2013
Updated: 5/27/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2013-1639
Vulnerability Information
CPE: cpe:/a:opera:opera_browser
Required KB Items: installed_sw/Opera
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/30/2013
Vulnerability Publication Date: 1/30/2013
Reference Information
CVE: CVE-2013-1618, CVE-2013-1637, CVE-2013-1638, CVE-2013-1639