Summary
The host is installed with Opera and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script code, disclose sensitive information or spoof the originating URL of a trusted web site and carry out phishing-style attacks.
Impact Level: System/Application
Solution
Upgrade to Opera version 11.65 or 12 or later,
For updates refer to http://www.opera.com/
Insight
- An error when displaying preferences within a small window can be exploited to execute arbitrary code by tricking a user into entering a specific keyboard sequence.
- An error when displaying pop-up windows can be exploited to execute script code by tricking a user into following a specific sequence of events.
- An error when handling JSON resources can be exploited to bypass the cross domain policy restriction and disclose certain information to other sites.
- An unspecified error can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
- An error when handling page loads can be exploited to display arbitrary content while showing the URL of a trusted web site in the address.
Affected
Opera version prior to 11.65 on Mac OS X
References
- http://secunia.com/advisories/49533/
- http://www.opera.com/docs/changelogs/mac/1165/
- http://www.opera.com/docs/changelogs/mac/1200/
- http://www.opera.com/support/kb/view/1018/
- http://www.opera.com/support/kb/view/1019/
- http://www.opera.com/support/kb/view/1020/
- http://www.opera.com/support/kb/view/1021/
- http://www.opera.com/support/kb/view/1022/
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-3555, CVE-2012-3556, CVE-2012-3557, CVE-2012-3558, CVE-2012-3560 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities