Detections
Analytics
Opera < 10.63 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 5678
Synopsis
The remote host has a web browser that is vulnerable to multiple attack vectors.Description
The remote host is running the Opera web browser. Versions of Opera earlier than 10.63 are potentially affected by multiple vulnerabilities :- It is possible to bypass cross-domain checks, and allow partial data theft by using CSS. (971)
- It is possible to spoof the page address by modifying the size of the browser window. (972)
- Carefully timed reloads and redirects could allow spoofing and cross-site scripting attacks. Using this XSS vector it may be possible to modify Opera's configuration, which could allow arbitrary code execution on the remote system. (973)
- It is possible to intercept private video streams. (974)
- An error while displaying invalid URL's could allow cross-site scripting attacks. (976)
Solution
Upgrade to Opera 10.63 or later.See Also
http://www.nessus.org/u?7d1d3543
http://www.opera.com/docs/changelogs/windows/1063
http://www.opera.com/support/kb/view/971
http://www.opera.com/support/kb/view/972
http://www.opera.com/support/kb/view/973
Plugin Details
Severity: Medium
ID: 5678
Family: Web Clients
Published: 10/13/2010
Updated: 3/6/2019
Nessus ID: 49964
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 5.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:U/RC:X
Vulnerability Information
CPE: cpe:/a:opera:opera_browser
Patch Publication Date: 10/12/2010
Vulnerability Publication Date: 9/13/2010
Reference Information
CVE: CVE-2010-4043, CVE-2010-4044, CVE-2010-4045, CVE-2010-4046, CVE-2010-4047, CVE-2010-4048, CVE-2010-4049, CVE-2010-4050