Synopsis
The remote host has a web browser installed that is affected by a memory corruption vulnerability.
Description
The remote host is running the Opera web browser.
Versions of Opera earlier than 11.50 are potentially affected by multiple vulnerabilities :
- An error in the handling of data URIs that allows cross-site scripting in some unspecified cases. (Issue 995)
- An error exists in the browser's handling of error pages. Opera generates error pages in response to an invalid URL. If enough invalid URLs are attempted, the host's disk space is eventually filled, the browser crashes and the error files are left behind. (Issue 996)
- An additional, moderately severe and unspecified error exists. Details regarding this error are to be released in the future. (CVE-2011-2610)
- Several unspecified errors exist that can cause application crashes. Affected items or functionality are : printing, unspecified web content, JavaScript, Array.prototype.join method, drawing paths with many characters, selecting text nodes, iframes, closed or removed pop-up windows, moving audio or video elements between windows, canvas elements, SVG items, CSS files, form layouts, web workers, SVG BiDi, large tables and print preview, select elements with many items, and the src attribute of the iframe element. (CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, CVE-2011-2614, CVE-2011-2615, CVE-2011-2616, CVE-2011-2617, CVE-2011-2618, CVE-2011-2619, CVE-2011-2620, CVE-2011-2621, CVE-2011-2622, CVE-2011-2623, CVE-2011-2624, CVE-2011-2625, CVE-2011-2626, CVE-2011-2627)
Solution
Upgrade to Opera 11.50 or later.