Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.902667 |
Category: | General |
Title: | Opera Multiple Vulnerabilities - March12 (MacOSX) |
Summary: | The host is installed with Opera and is prone to multiple; vulnerabilities. |
Description: | Summary: The host is installed with Opera and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - An error in web page dialogs handling, which displays the wrong address in the address field. - An error in history.state, which leaks the state data from cross domain pages via history.pushState() and history.replaceState() functions. - Fails to ensure that a dialog window is placed on top of content windows, allows attackers to trick users into executing downloads. - A small window for the download dialog. - A timed page reloads and redirects to different domains. - The web page content displayed outside of the intended content area. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code in the context of the browser, inject scripts, bypass certain security restrictions, conduct spoofing attacks, or cause a denial of service condition. Affected Software/OS: Opera version before 11.62 Solution: Upgrade to the Opera version 11.62 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1924 http://osvdb.org/80620 http://secunia.com/advisories/48535 SuSE Security Announcement: openSUSE-SU-2012:0610 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html XForce ISS Database: opera-dialog-box-code-execution(74349) https://exchange.xforce.ibmcloud.com/vulnerabilities/74349 Common Vulnerability Exposure (CVE) ID: CVE-2012-1925 http://osvdb.org/80621 XForce ISS Database: opera-content-window-code-exec(74503) https://exchange.xforce.ibmcloud.com/vulnerabilities/74503 Common Vulnerability Exposure (CVE) ID: CVE-2012-1926 http://osvdb.org/80622 XForce ISS Database: opera-historypushstate-info-disclosure(74351) https://exchange.xforce.ibmcloud.com/vulnerabilities/74351 Common Vulnerability Exposure (CVE) ID: CVE-2012-1927 http://osvdb.org/80623 XForce ISS Database: opera-address-field-spoofing(74502) https://exchange.xforce.ibmcloud.com/vulnerabilities/74502 Common Vulnerability Exposure (CVE) ID: CVE-2012-1928 http://osvdb.org/80624 XForce ISS Database: opera-redirects-spoofing(74353) https://exchange.xforce.ibmcloud.com/vulnerabilities/74353 Common Vulnerability Exposure (CVE) ID: CVE-2012-1929 XForce ISS Database: opera-dialogs-spoofing(74352) https://exchange.xforce.ibmcloud.com/vulnerabilities/74352 |
Copyright | Copyright (C) 2012 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |