Opera < 12.13 Multiple Vulnerabilities

High Nessus Plugin ID 64363


The remote host contains a web browser that is affected by multiple vulnerabilities.


The version of Opera installed on the remote host is earlier than 12.13 and is, therefore, reportedly affected by the following vulnerabilities :

- An error exists related to DOM manipulation that could lead to application crashes or arbitrary code execution. (1042)

- A use-after-free error exists related to SVG 'clipPaths' that could lead to memory corruption or arbitrary code execution. (1043)

- An error exists related to the TLS protocol, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (1044)

- The application could fail to make the proper 'pre- flight' Cross-Origin Resource Sharing (CORS) requests.
In some situations this error could aid an attacker in cross-site request forgery (CSRF) attacks. (1045)

- An unspecified, low severity issue exists that has an unspecified impact.


Upgrade to Opera 12.13 or later.

See Also








Plugin Details

Severity: High

ID: 64363

File Name: opera_1213.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2013/01/30

Modified: 2016/05/12

Dependencies: 21746

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Required KB Items: SMB/Opera/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/01/30

Vulnerability Publication Date: 2013/01/30

Reference Information

CVE: CVE-2013-1618, CVE-2013-1637, CVE-2013-1638, CVE-2013-1639

BID: 57633, 57773

OSVDB: 89614, 89615, 89616, 89848

EDB-ID: 24448