Opera < 11.50 Multiple Vulnerabilities

low Nessus Network Monitor Plugin ID 5971

Synopsis

The remote host has a web browser installed that is affected by a memory corruption vulnerability.

Description

The remote host is running the Opera web browser.

Versions of Opera earlier than 11.50 are potentially affected by multiple vulnerabilities :

- An error in the handling of data URIs that allows cross-site scripting in some unspecified cases. (Issue 995)

- An error exists in the browser's handling of error pages. Opera generates error pages in response to an invalid URL. If enough invalid URLs are attempted, the host's disk space is eventually filled, the browser crashes and the error files are left behind. (Issue 996)

- An additional, moderately severe and unspecified error exists. Details regarding this error are to be released in the future. (CVE-2011-2610)

- Several unspecified errors exist that can cause application crashes. Affected items or functionality are : printing, unspecified web content, JavaScript, Array.prototype.join method, drawing paths with many characters, selecting text nodes, iframes, closed or removed pop-up windows, moving audio or video elements between windows, canvas elements, SVG items, CSS files, form layouts, web workers, SVG BiDi, large tables and print preview, select elements with many items, and the src attribute of the iframe element. (CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, CVE-2011-2614, CVE-2011-2615, CVE-2011-2616, CVE-2011-2617, CVE-2011-2618, CVE-2011-2619, CVE-2011-2620, CVE-2011-2621, CVE-2011-2622, CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627)

Solution

Upgrade to Opera 11.50 or later.

See Also

http://www.opera.com/docs/changelogs/windows/1150

http://www.opera.com/support/kb/view/995

http://www.opera.com/support/kb/view/996

Plugin Details

Severity: Low

ID: 5971

Family: Web Clients

Published: 6/29/2011

Updated: 3/6/2019

Nessus ID: 55470

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Patch Publication Date: 6/28/2011

Vulnerability Publication Date: 6/28/2011

Reference Information

CVE: CVE-2011-1337, CVE-2011-2609, CVE-2011-2610, CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, CVE-2011-2614, CVE-2011-2615, CVE-2011-2616, CVE-2011-2617, CVE-2011-2618, CVE-2011-2619, CVE-2011-2620, CVE-2011-2621, CVE-2011-2622, CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627

BID: 48500, 48501, 48556