Vulnerabilities > CVE-2010-2421 - Multiple Security vulnerability in Opera Web Browser prior to 10.54
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-03.NASL description The remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59631 published 2012-06-21 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59631 title GLSA-201206-03 : Opera: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201206-03. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(59631); script_version("1.7"); script_cvs_date("Date: 2019/10/16 10:34:21"); script_cve_id("CVE-2009-1234", "CVE-2009-2059", "CVE-2009-2063", "CVE-2009-2067", "CVE-2009-2070", "CVE-2009-3013", "CVE-2009-3044", "CVE-2009-3045", "CVE-2009-3046", "CVE-2009-3047", "CVE-2009-3048", "CVE-2009-3049", "CVE-2009-3831", "CVE-2009-4071", "CVE-2009-4072", "CVE-2010-0653", "CVE-2010-1349", "CVE-2010-1989", "CVE-2010-1993", "CVE-2010-2121", "CVE-2010-2421", "CVE-2010-2455", "CVE-2010-2576", "CVE-2010-2658", "CVE-2010-2659", "CVE-2010-2660", "CVE-2010-2661", "CVE-2010-2662", "CVE-2010-2663", "CVE-2010-2664", "CVE-2010-2665", "CVE-2010-3019", "CVE-2010-3020", "CVE-2010-3021", "CVE-2010-4579", "CVE-2010-4580", "CVE-2010-4581", "CVE-2010-4582", "CVE-2010-4583", "CVE-2010-4584", "CVE-2010-4585", "CVE-2010-4586", "CVE-2011-0681", "CVE-2011-0682", "CVE-2011-0683", "CVE-2011-0684", "CVE-2011-0685", "CVE-2011-0686", "CVE-2011-0687", "CVE-2011-1337", "CVE-2011-1824", "CVE-2011-2609", "CVE-2011-2610", "CVE-2011-2611", "CVE-2011-2612", "CVE-2011-2613", "CVE-2011-2614", "CVE-2011-2615", "CVE-2011-2616", "CVE-2011-2617", "CVE-2011-2618", "CVE-2011-2619", "CVE-2011-2620", "CVE-2011-2621", "CVE-2011-2622", "CVE-2011-2623", "CVE-2011-2624", "CVE-2011-2625", "CVE-2011-2626", "CVE-2011-2627", "CVE-2011-2628", "CVE-2011-2629", "CVE-2011-2630", "CVE-2011-2631", "CVE-2011-2632", "CVE-2011-2633", "CVE-2011-2634", "CVE-2011-2635", "CVE-2011-2636", "CVE-2011-2637", "CVE-2011-2638", "CVE-2011-2639", "CVE-2011-2640", "CVE-2011-2641", "CVE-2011-3388", "CVE-2011-4065", "CVE-2011-4681", "CVE-2011-4682", "CVE-2011-4683", "CVE-2012-1924", "CVE-2012-1925", "CVE-2012-1926", "CVE-2012-1927", "CVE-2012-1928", "CVE-2012-1930", "CVE-2012-1931", "CVE-2012-3555", "CVE-2012-3556", "CVE-2012-3557", "CVE-2012-3558", "CVE-2012-3560", "CVE-2012-3561"); script_xref(name:"GLSA", value:"201206-03"); script_name(english:"GLSA-201206-03 : Opera: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201206-03" ); script_set_attribute( attribute:"solution", value: "All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/opera-12.00.1467'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 94, 264, 287, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:opera"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/02"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/opera", unaffected:make_list("ge 12.00.1467"), vulnerable:make_list("lt 12.00.1467"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Opera"); }NASL family Windows NASL id OPERA_1054.NASL description The version of Opera installed on the remote host is earlier than 10.54. Such versions are potentially affected by the following issues : - Web fonts may be used to trigger a privilege elevation vulnerability in the Windows operating system (MS10-032) (954) - It may be possible to use data URIs in a cross-site scripting attack. (955) - File inputs may disclose the path to selected files. (960) - It may be possible to use certain characters for domain name spoofing. (961) - It may be possible for a widget to use unrestricted file I/O to execute arbitrary code. (962) last seen 2020-06-01 modified 2020-06-02 plugin id 47113 published 2010-06-22 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47113 title Opera < 10.54 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(47113); script_version("1.12"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id( "CVE-2010-2421", "CVE-2010-2660", "CVE-2010-2661", "CVE-2010-2665", "CVE-2010-2666" ); script_bugtraq_id(40973); script_xref(name:"Secunia", value:"40250"); script_name(english:"Opera < 10.54 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Opera"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of Opera installed on the remote host is earlier than 10.54. Such versions are potentially affected by the following issues : - Web fonts may be used to trigger a privilege elevation vulnerability in the Windows operating system (MS10-032) (954) - It may be possible to use data URIs in a cross-site scripting attack. (955) - File inputs may disclose the path to selected files. (960) - It may be possible to use certain characters for domain name spoofing. (961) - It may be possible for a widget to use unrestricted file I/O to execute arbitrary code. (962)" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170901003657/http://www.opera.com/docs/changelogs/windows/1054/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225211645/http://www.opera.com/support/kb/view/954/"); script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/kb/view/955/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225211652/http://www.opera.com/support/kb/view/960/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225211648/http://www.opera.com/support/kb/view/961/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223095723/http://www.opera.com/support/kb/view/962/"); script_set_attribute(attribute:"solution", value:"Upgrade to Opera 10.54 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/21"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("opera_installed.nasl"); script_require_keys("SMB/Opera/Version"); exit(0); } include("global_settings.inc"); version_ui = get_kb_item("SMB/Opera/Version_UI"); version = get_kb_item("SMB/Opera/Version"); if (isnull(version)) exit(1, "The 'SMB/Opera/Version' KB item is missing."); if (isnull(version_ui)) version_report = version; else version_report = version_ui; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if ( ver[0] < 10 || (ver[0] == 10 && ver[1] < 54) ) { if (report_verbosity > 0) { path = get_kb_item('SMB/Opera/Path'); if (isnull(path)) path = 'n/a'; report = '\n Path : ' + path + '\n Installed version : ' + version_report + '\n Fixed version : 10.54\n'; security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(port:get_kb_item("SMB/transport")); exit(0); } else exit(0, "The host is not affected since Opera "+version_report+" is installed.");
Oval
| accepted | 2013-12-23T04:00:06.122-05:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:11352 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-08-03T10:31:45.529 | ||||||||||||
| title | Multiple unspecified vulnerabilities in Opera before 10.64 | ||||||||||||
| version | 11 |
References
- http://secunia.com/advisories/40250
- http://www.opera.com/docs/changelogs/mac/1054/
- http://www.opera.com/docs/changelogs/windows/1054/
- http://www.securityfocus.com/bid/40973
- http://www.vupen.com/english/advisories/2010/1529
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11352