FreeBSD : opera -- multiple vulnerabilities (0e30e802-a9db-11dd-93a2-000bcdf0a03b)

high Nessus Plugin ID 34688

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Opera reports:

When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them to execute arbitrary code.

The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?044fc0d2

http://www.nessus.org/u?1c211f91

http://www.nessus.org/u?62553b92

Plugin Details

Severity: High

ID: 34688

File Name: freebsd_pkg_0e30e802a9db11dd93a2000bcdf0a03b.nasl

Version: 1.15

Type: local

Published: 11/4/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/3/2008

Vulnerability Publication Date: 11/3/2008

Reference Information

CVE: CVE-2008-4794

CWE: 20