FreeBSD : opera -- multiple vulnerabilities (44224e08-8306-11dc-9283-0016179b2dd5)

high Nessus Plugin ID 27578

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

An advisory from Opera reports :

If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code.

When accessing frames from different Websites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Website.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?ddad77ee

https://www.opera.com/help

http://www.nessus.org/u?244456e6

Plugin Details

Severity: High

ID: 27578

File Name: freebsd_pkg_44224e08830611dc92830016179b2dd5.nasl

Version: 1.17

Type: local

Published: 10/26/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/25/2007

Vulnerability Publication Date: 10/17/2007

Reference Information

CVE: CVE-2007-5540, CVE-2007-5541

CWE: 20

Secunia: 27277