Summary
The host is installed with Opera browser and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information and cause a denial of service.
Impact Level: Application
Solution
Upgarde to Opera Web Browser Version 11.00 or later, For updates refer to http://www.opera.com/download/
Insight
Multiple flaws are cause due to:
- WAP fails to clear 'WML' form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information.
- Not properly constrain dialogs to appear on top of rendered documents.
- Unspecified vulnerability which has unknown impact and attack vectors.
- Not display a page's security indication, when Opera Turbo is enabled.
- Not properly handling security policies during updates to extensions.
- Fails to present information about problematic 'X.509' certificates on https web sites, when 'Opera Turbo' is used.
- Unspecified vulnerability in the auto-update functionality, which leads to a denial of service.
- Fails to implement the Insecure Third Party Module warning message.
- Enabling 'WebSockets' functionality, which has unspecified impact and remote attack vectors.
Affected
Opera Web Browser Version prior 11.00
References
Severity
Classification
-
CVE CVE-2010-4579, CVE-2010-4580, CVE-2010-4581, CVE-2010-4582, CVE-2010-4583, CVE-2010-4584, CVE-2010-4585, CVE-2010-4586, CVE-2010-4587 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities