Vulnerabilities > CVE-2010-3019 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opera Browser

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

opera

CWE-119

nessus

NVD

Published: 2010-08-16

Updated: 2017-09-19

Summary

Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.

Vulnerable Configurations

Part	Description	Count
Application	Opera Opera Opera Browser 4.01 Opera Opera Browser 7.01 Opera Opera Browser 9.27 Opera Opera Browser 7.23 Opera Opera Browser 2.10 Opera Opera Browser 9.50 Opera Opera Browser 9.02 Opera Opera Browser 7.03 Opera Opera Browser 10.10 Opera Opera Browser 7.53 Opera Opera Browser 4.00 Opera Opera Browser 8.50 Opera Opera Browser 9.24 Opera Opera Browser 5.0 Opera Opera Browser 5.11 Opera Opera Browser 3.51 Opera Opera Browser 9.63 Opera Opera Browser 6.1 Opera Opera Browser 7.20 Opera Opera Browser 6.02 Opera Opera Browser 2.00 Opera Opera Browser 9.51 Opera Opera Browser 5.02 Opera Opera Browser 1.00 Opera Opera Browser 10.00 Opera Opera Browser 9.26 Opera Opera Browser 10.50 Opera Opera Browser 5.10 Opera Opera Browser 8.53 Opera Opera Browser 9.12 Opera Opera Browser 7.11 Opera Opera Browser 8.0 Opera Opera Browser 6.04 Opera Opera Browser 8.54 Opera Opera Browser 6.11 Opera Opera Browser 6.05 Opera Opera Browser 8.02 Opera Opera Browser 9.20 Opera Opera Browser 7.50 Opera Opera Browser 3.10 Opera Opera Browser 5.12 Opera Opera Browser 4.02 Opera Opera Browser 9.21 Opera Opera Browser 10.20 Opera Opera Browser 7.10 Opera Opera Browser 9.0 Opera Opera Browser 6.0 Opera Opera Browser 3.50 Opera Opera Browser 9.23 Opera Opera Browser 3.61 Opera Opera Browser 10.60 Opera Opera Browser - Opera Opera Browser 2.12 Opera Opera Browser 3.00 Opera Opera Browser 3.21 Opera Opera Browser 3.60 Opera Opera Browser 3.62 Opera Opera Browser 6.01 Opera Opera Browser 6.03 Opera Opera Browser 6.06 Opera Opera Browser 6.10 Opera Opera Browser 6.12 Opera Opera Browser 7.0 Opera Opera Browser 7.02 Opera Opera Browser 7.21 Opera Opera Browser 7.22 Opera Opera Browser 7.30 Opera Opera Browser 7.51 Opera Opera Browser 7.52 Opera Opera Browser 7.54 Opera Opera Browser 7.55 Opera Opera Browser 7.60 Opera Opera Browser 8.00 Opera Opera Browser 8.01 Opera Opera Browser 8.51 Opera Opera Browser 8.52 Opera Opera Browser 9.00 Opera Opera Browser 9.01 Opera Opera Browser 9.10 Opera Opera Browser 9.22 Opera Opera Browser 9.25 Opera Opera Browser 9.52 Opera Opera Browser 9.60 Opera Opera Browser 9.61 Opera Opera Browser 9.62 Opera Opera Browser 9.64 Opera Opera Browser 10.01 Opera Opera Browser 10.11 Opera Opera Browser 10.51 Opera Opera Browser 10.52 Opera Opera Browser 10.53 Opera Opera Browser 10.54	147

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_OPERA-100824.NASL
description	This update of opera fixes the following vulnerabilities : - CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94): unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc - CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos - CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image
last seen	2020-06-01
modified	2020-06-02
plugin id	48430
published	2010-08-25
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/48430
title	openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update opera-2991. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(48430); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-2576", "CVE-2010-3019", "CVE-2010-3020", "CVE-2010-3021"); script_name(english:"openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)"); script_summary(english:"Check for the opera-2991 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of opera fixes the following vulnerabilities : - CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94): unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc - CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos - CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=630771" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00055.html" ); script_set_attribute(attribute:"solution", value:"Update the affected opera package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"opera-10.61-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_OPERA-100824.NASL
description	This update of opera fixes the following vulnerabilities : - CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94): unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc - CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos - CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image
last seen	2020-06-01
modified	2020-06-02
plugin id	48431
published	2010-08-25
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/48431
title	openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update opera-2991. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(48431); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-2576", "CVE-2010-3019", "CVE-2010-3020", "CVE-2010-3021"); script_name(english:"openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)"); script_summary(english:"Check for the opera-2991 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of opera fixes the following vulnerabilities : - CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94): unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc - CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos - CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=630771" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00055.html" ); script_set_attribute(attribute:"solution", value:"Update the affected opera package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"opera-10.61-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201206-03.NASL
description	The remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	59631
published	2012-06-21
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/59631
title	GLSA-201206-03 : Opera: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201206-03. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(59631); script_version("1.7"); script_cvs_date("Date: 2019/10/16 10:34:21"); script_cve_id("CVE-2009-1234", "CVE-2009-2059", "CVE-2009-2063", "CVE-2009-2067", "CVE-2009-2070", "CVE-2009-3013", "CVE-2009-3044", "CVE-2009-3045", "CVE-2009-3046", "CVE-2009-3047", "CVE-2009-3048", "CVE-2009-3049", "CVE-2009-3831", "CVE-2009-4071", "CVE-2009-4072", "CVE-2010-0653", "CVE-2010-1349", "CVE-2010-1989", "CVE-2010-1993", "CVE-2010-2121", "CVE-2010-2421", "CVE-2010-2455", "CVE-2010-2576", "CVE-2010-2658", "CVE-2010-2659", "CVE-2010-2660", "CVE-2010-2661", "CVE-2010-2662", "CVE-2010-2663", "CVE-2010-2664", "CVE-2010-2665", "CVE-2010-3019", "CVE-2010-3020", "CVE-2010-3021", "CVE-2010-4579", "CVE-2010-4580", "CVE-2010-4581", "CVE-2010-4582", "CVE-2010-4583", "CVE-2010-4584", "CVE-2010-4585", "CVE-2010-4586", "CVE-2011-0681", "CVE-2011-0682", "CVE-2011-0683", "CVE-2011-0684", "CVE-2011-0685", "CVE-2011-0686", "CVE-2011-0687", "CVE-2011-1337", "CVE-2011-1824", "CVE-2011-2609", "CVE-2011-2610", "CVE-2011-2611", "CVE-2011-2612", "CVE-2011-2613", "CVE-2011-2614", "CVE-2011-2615", "CVE-2011-2616", "CVE-2011-2617", "CVE-2011-2618", "CVE-2011-2619", "CVE-2011-2620", "CVE-2011-2621", "CVE-2011-2622", "CVE-2011-2623", "CVE-2011-2624", "CVE-2011-2625", "CVE-2011-2626", "CVE-2011-2627", "CVE-2011-2628", "CVE-2011-2629", "CVE-2011-2630", "CVE-2011-2631", "CVE-2011-2632", "CVE-2011-2633", "CVE-2011-2634", "CVE-2011-2635", "CVE-2011-2636", "CVE-2011-2637", "CVE-2011-2638", "CVE-2011-2639", "CVE-2011-2640", "CVE-2011-2641", "CVE-2011-3388", "CVE-2011-4065", "CVE-2011-4681", "CVE-2011-4682", "CVE-2011-4683", "CVE-2012-1924", "CVE-2012-1925", "CVE-2012-1926", "CVE-2012-1927", "CVE-2012-1928", "CVE-2012-1930", "CVE-2012-1931", "CVE-2012-3555", "CVE-2012-3556", "CVE-2012-3557", "CVE-2012-3558", "CVE-2012-3560", "CVE-2012-3561"); script_xref(name:"GLSA", value:"201206-03"); script_name(english:"GLSA-201206-03 : Opera: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201206-03" ); script_set_attribute( attribute:"solution", value: "All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/opera-12.00.1467'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 94, 264, 287, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:opera"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/02"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/opera", unaffected:make_list("ge 12.00.1467"), vulnerable:make_list("lt 12.00.1467"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Opera"); }

NASL family	Windows
NASL id	OPERA_1061.NASL
description	The version of Opera installed on the remote host is earlier than 10.61. Such versions are potentially affected by the following issues : - A heap overflow when performing painting operations on an HTML5 canvas can result in execution of arbitrary code. (966) - An issue with tab focus is open to an attack where it is used to obscure a download dialog that is in another tab. The user can be tricked into clicking on buttons in the dialog, resulting in the downloaded file being executed. (967) - Certain types of content concerning the news feed preview do not have their scripts removed properly, possibly resulting in subscription of feeds without the user
last seen	2020-06-01
modified	2020-06-02
plugin id	48317
published	2010-08-12
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48317
title	Opera < 10.61 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(48317); script_version("1.12"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id( "CVE-2010-2576", "CVE-2010-3019", "CVE-2010-3020", "CVE-2010-3021", "CVE-2011-1824" ); script_bugtraq_id(42407, 47764); script_xref(name:"Secunia", value:"40120"); script_name(english:"Opera < 10.61 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Opera"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of Opera installed on the remote host is earlier than 10.61. Such versions are potentially affected by the following issues : - A heap overflow when performing painting operations on an HTML5 canvas can result in execution of arbitrary code. (966) - An issue with tab focus is open to an attack where it is used to obscure a download dialog that is in another tab. The user can be tricked into clicking on buttons in the dialog, resulting in the downloaded file being executed. (967) - Certain types of content concerning the news feed preview do not have their scripts removed properly, possibly resulting in subscription of feeds without the user's consent. (968) - Loading an animated PNG image may cause high CPU usage with no response from the browser. (CVE-2010-3021) - An error exists in the handling of 'SELECT' HTML elements having a very large 'size' attribute. This error can allow memory corruption and possibly allows remote code execution. (CVE-2011-1824)" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170801125326/http://www.opera.com:80/docs/changelogs/windows/1061/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225215244/http://www.opera.com/support/kb/view/966/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225211631/http://www.opera.com/support/kb/view/967/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225215002/http://www.opera.com/support/kb/view/968/"); script_set_attribute(attribute:"see_also", value:"http://www.toucan-system.com/advisories/tssa-2011-02.txt"); script_set_attribute(attribute:"solution", value:"Upgrade to Opera 10.61 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("opera_installed.nasl"); script_require_keys("SMB/Opera/Version"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Opera/Version"); version_ui = get_kb_item("SMB/Opera/Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui; install_path = get_kb_item_or_exit('SMB/Opera/Path'); if (ver_compare(ver:version, fix:'10.61.3484.0') == -1) { if (report_verbosity > 0) { report = '\n Path : ' + install_path + '\n Installed version : ' + version_report + '\n Fixed version : 10.61' + '\n'; security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(port:get_kb_item("SMB/transport")); exit(0); } else exit(0, "The host is not affected since Opera "+version_report+" is installed.");

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_OPERA-100824.NASL
description	This update of opera fixes the following vulnerabilities : - CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94): unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc - CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos - CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image
last seen	2020-06-01
modified	2020-06-02
plugin id	75691
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75691
title	openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update opera-2991. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75691); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-2576", "CVE-2010-3019", "CVE-2010-3020", "CVE-2010-3021"); script_name(english:"openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)"); script_summary(english:"Check for the opera-2991 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of opera fixes the following vulnerabilities : - CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94): unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc - CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos - CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=630771" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00055.html" ); script_set_attribute(attribute:"solution", value:"Update the affected opera package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"opera-10.61-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera"); }

Oval

accepted

2013-12-23T04:00:08.121-05:00

class

vulnerability

contributors

name Preeti Subramanian
organization SecPod Technologies
name Josh Turpin
organization Symantec Corporation
name Maria Kedovskaya
organization ALTX-SOFT

definition_extensions

comment	Opera Browser is installed
oval	oval:org.mitre.oval:def:6482

description

family

windows

oval:org.mitre.oval:def:12066

status

accepted

submitted

2010-08-18T13:22:21

title

Heap-based buffer overflow in Opera before 10.61

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

References