Summary
The host is installed with Opera and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary code in the context of the browser, inject scripts, bypass certain security restrictions, conduct spoofing attacks or cause a denial of service condition.
Impact Level: System/Application
Solution
Upgrade to the Opera version 11.62 or later,
For updates refer to http://www.opera.com/download/
Insight
Multiple flaws are due to
- An error in web page dialogs handling which displays the wrong address in the address field.
- An error in 'history.state' which leaks the state data from cross domain pages via 'history.pushState' and 'history.replaceState' functions.
- It fails to ensure that a dialog window is placed on top of content windows, allows attackers to trick users into executing downloads.
- A small window for the download dialog.
- A timed page reloads and redirects to different domains.
- printing issues which allows data leaks to other system users or allows them to corrupt data.
Affected
Opera version prior to 11.62 on Linux
References
- http://www.opera.com/docs/changelogs/unix/1162/
- http://www.opera.com/support/kb/view/1010/
- http://www.opera.com/support/kb/view/1011/
- http://www.opera.com/support/kb/view/1012/
- http://www.opera.com/support/kb/view/1013/
- http://www.opera.com/support/kb/view/1014/
- http://www.opera.com/support/kb/view/1015/
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1924, CVE-2012-1925, CVE-2012-1926, CVE-2012-1927, CVE-2012-1928, CVE-2012-1930, CVE-2012-1931 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
- Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)
- Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
- Apache Tomcat Multiple Vulnerabilities - 02 Mar14