Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.902666
Category:General
Title:Opera Multiple Vulnerabilities - March12 (Windows)
Summary:The host is installed with Opera and is prone to multiple; vulnerabilities.
Description:Summary:
The host is installed with Opera and is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to

- An error in web page dialogs handling, which displays the wrong address in
the address field.

- An error in history.state, which leaks the state data from cross domain
pages via history.pushState() and history.replaceState() functions.

- Fails to ensure that a dialog window is placed on top of content windows,
allows attackers to trick users into executing downloads.

- A small window for the download dialog.

- A timed page reloads and redirects to different domains.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code in
the context of the browser, inject scripts, bypass certain security
restrictions, conduct spoofing attacks, or cause a denial of service
condition.

Affected Software/OS:
Opera version before 11.62 on Windows

Solution:
Upgrade to the Opera version 11.62 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1924
http://osvdb.org/80620
http://secunia.com/advisories/48535
SuSE Security Announcement: openSUSE-SU-2012:0610 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html
XForce ISS Database: opera-dialog-box-code-execution(74349)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74349
Common Vulnerability Exposure (CVE) ID: CVE-2012-1925
http://osvdb.org/80621
XForce ISS Database: opera-content-window-code-exec(74503)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74503
Common Vulnerability Exposure (CVE) ID: CVE-2012-1926
http://osvdb.org/80622
XForce ISS Database: opera-historypushstate-info-disclosure(74351)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74351
Common Vulnerability Exposure (CVE) ID: CVE-2012-1927
http://osvdb.org/80623
XForce ISS Database: opera-address-field-spoofing(74502)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74502
Common Vulnerability Exposure (CVE) ID: CVE-2012-1928
http://osvdb.org/80624
XForce ISS Database: opera-redirects-spoofing(74353)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74353
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.