Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310801370
HistoryJul 16, 2010 - 12:00 a.m.

Opera Browser < 10.54 Multiple Vulnerabilities (Jul 2010) - Windows

2010-07-1600:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
7

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.1

Percentile

94.9%

JSON

Opera web browser is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801370");
  script_version("2024-02-22T14:37:29+0000");
  script_tag(name:"last_modification", value:"2024-02-22 14:37:29 +0000 (Thu, 22 Feb 2024)");
  script_tag(name:"creation_date", value:"2010-07-16 18:57:03 +0200 (Fri, 16 Jul 2010)");
  script_cve_id("CVE-2010-2660", "CVE-2010-2661", "CVE-2010-2665", "CVE-2010-2666");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Opera Browser < 10.54 Multiple Vulnerabilities (Jul 2010) - Windows");
  script_xref(name:"URL", value:"http://secunia.com/advisories/40250");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40973");
  script_xref(name:"URL", value:"http://www.opera.com/support/kb/view/962/");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/1529");
  script_xref(name:"URL", value:"http://www.opera.com/docs/changelogs/windows/1054/");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("General");
  script_dependencies("gb_opera_detect_portable_win.nasl");
  script_mandatory_keys("Opera/Win/Version");
  script_tag(name:"impact", value:"Successful exploitation will let attackers to cause a denial of service or
  execute arbitrary code.");
  script_tag(name:"affected", value:"Opera version prior to 10.54 on Windows.");
  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - Fails to restrict certain uses of homograph characters in domain
    names, which makes it easier for remote attackers to spoof IDN domains.

  - Fails to properly restrict access to the full pathname of a file selected
    for upload, which allows attackers to obtain potentially sensitive
    information.

  - Cross site scripting (XSS) vulnerability when handling a data: URI.

  - Fails to properly enforce permission requirements for widget filesystem.");
  script_tag(name:"solution", value:"Upgrade to Opera 10.54 or later.");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"summary", value:"Opera web browser is prone to multiple vulnerabilities.");
  exit(0);
}

include("version_func.inc");

operaVer = get_kb_item("Opera/Win/Version");
if(!operaVer){
  exit(0);
}

if(version_is_less(version:operaVer, test_version:"10.54")){
  report = report_fixed_ver(installed_version:operaVer, fixed_version:"10.54");
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);

Related

openvas 3
nessus 2
cve 5
prion 5
cvelist 5
nvd 5
gentoo 1
openvas
openvas
Opera Browser Multiple Vulnerabilities july-10 (Win02)
2010-07-16 00:00:00
Gentoo Security Advisory GLSA 201206-03 (Opera)
2012-08-10 00:00:00
Gentoo Security Advisory GLSA 201206-03 (Opera)
2012-08-10 00:00:00
nessus
nessus
Opera < 10.54 Multiple Vulnerabilities
2010-06-22 00:00:00
GLSA-201206-03 : Opera: Multiple vulnerabilities
2012-06-21 00:00:00
cve
cve
CVE-2010-2661
2010-07-08 12:54:47
CVE-2010-2660
2010-07-08 12:54:47
CVE-2010-2666
2010-07-08 12:54:47
prion
prion
Code injection
2010-07-08 12:54:00
Design/Logic Flaw
2010-07-08 12:54:00
Cross site scripting
2010-07-08 12:54:00
cvelist
cvelist
CVE-2010-2661
2010-07-07 18:00:00
CVE-2010-2660
2010-07-07 18:00:00
CVE-2010-2666
2010-07-07 18:00:00
nvd
nvd
CVE-2010-2661
2010-07-08 12:54:47
CVE-2010-2666
2010-07-08 12:54:47
CVE-2010-2660
2010-07-08 12:54:47
gentoo
gentoo
Opera: Multiple vulnerabilities
2012-06-15 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.1

Percentile

94.9%

JSON
Related for OPENVAS:1361412562310801370
openvas3nessus2cve5prion5cvelist5nvd5gentoo1