FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a4a809d8-25c8-11e1-b531-00215c6a37bbopera -- multiple vulnerabilities

Opera software reports:

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera
< 11.60

opera-devel
< 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
1fe734bf-4a06-11db-b48d-00508d6a62dfopera -- RSA Signature Forgery

Opera reports:

A specially crafted digital certificate can bypass Opera's certificate signature verification. Forged certificates can contain any false information the forger chooses, and Opera will still present it as valid. Opera will not present any warning dialogs in this case, and the security status will be the highest possible (3). This defeats the protection against "man in the middle", the attacks that SSL was designed to prevent.

There is a flaw in OpenSSL's RSA signature verification that affects digital certificates using 3 as the public exponent. Some of the certificate issuers that are on Opera's list of trusted signers have root certificates with 3 as the public exponent. The forged certificate can appear to be signed by one of these.


Discovery 2006-09-18
Entry 2006-09-22
opera
opera-devel
linux-opera
< 9.02

CVE-2006-4339
http://secunia.com/advisories/21982/
http://secunia.com/advisories/21709/
http://www.cdc.informatik.tu-darmstadt.de/securebrowser/
http://www.openssl.org/news/secadv_20060905.txt
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
31b045e7-ae75-11dc-a5f9-001a4d49522bopera -- multiple vulnerabilities

Opera Software ASA reports about multiple security fixes:

  • Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date.
  • Fixed an issue with TLS certificates that could be used to execute arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details will be disclosed at a later date.
  • Rich text editing can no longer be used to allow cross domain scripting, as reported by David Bloom. See our advisory.
  • Prevented bitmaps from revealing random data from memory, as reported by Gynvael Coldwind. Details will be disclosed at a later date.

Discovery 2007-12-19
Entry 2007-12-19
Modified 2007-12-29
opera
opera-devel
linux-opera
< 9.25

CVE-2007-6520
CVE-2007-6521
CVE-2007-6522
CVE-2007-6524
http://www.opera.com/docs/changelogs/freebsd/925/
http://www.opera.com/support/search/view/875/
73ec1008-72f0-11dd-874b-0030843d3802opera -- multiple vulnerabilities

The Opera Team reports:

Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to open pages from other sites, and display misleading information on them.

Custom shortcut and menu commands can be used to activate external applications. In some cases, the parameters passed to these applications are not prepared correctly, and may be created from uninitialized memory. These may be misinterpreted as additional parameters, and depending on the application, this could allow execution of arbitrary code.

Successful exploitation requires convincing the user to modify their shortcuts or menu files appropriately, pointing to an appropriate target application, then to activate that shortcut at an appropriate time. To inject code, additional means will have to be employed.

When insecure pages load content from secure sites into a frame, they can cause Opera to incorrectly report the insecure site as being secure. The padlock icon will incorrectly be shown, and the security information dialog will state that the connection is secure, but without any certificate information.

As a security precaution, Opera does not allow Web pages to link to files on the user's local disk. However, a flaw exists that allows Web pages to link to feed source files on the user's computer. Suitable detection of JavaScript events and appropriate manipulation can unreliably allow a script to detect the difference between successful and unsuccessful subscriptions to these files, to allow it to discover if the file exists or not. In most cases the attempt will fail.

It has been reported that when a user subscribes to a news feed using the feed subscription button, the page address can be changed. This causes the address field not to update correctly. Although this can mean that misleading information can be displayed in the address field, it can only leave the attacking page's address in the address bar, not a trusted third party address.


Discovery 2008-08-20
Entry 2008-08-25
Modified 2010-05-12
opera
linux-opera
< 9.52

CVE-2008-4195
CVE-2008-4197
CVE-2008-4198
CVE-2008-4200
http://www.opera.com/support/search/view/893/
http://www.opera.com/support/search/view/894/
http://www.opera.com/support/search/view/895/
http://www.opera.com/support/search/view/896/
http://www.opera.com/support/search/view/897/
fb84d5dd-9528-11dd-9a00-001999392805opera -- multiple vulnerabilities

Opera reports:

If a malicious page redirects Opera to a specially crafted address (URL), it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page.

Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally more restrictive actions. These files could contain sensitive information, which could then be sent to the attacker.


Discovery 2008-10-04
Entry 2008-10-10
Modified 2010-05-12
opera
linux-opera
< 9.60

CVE-2008-4695
CVE-2008-4694
http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/
44224e08-8306-11dc-9283-0016179b2dd5opera -- multiple vulnerabilities

An advisory from Opera reports:

If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code.

When accesing frames from different Web sites, specially crafted scripts can bypass the same-origin policy, and overwrite functions from those frames. If scripts on the page then run those functions, this can cause the script of the attacker's choice to run in the context of the target Web site.


Discovery 2007-10-17
Entry 2007-10-25
opera
opera-devel
linux-opera
< 9.24

CVE-2007-5540
CVE-2007-5541
http://www.opera.com/support/search/view/866/
http://www.opera.com/support/search/view/867/
http://secunia.com/advisories/27277/
6431c4db-deb4-11de-9078-0030843d3802opera -- multiple vulnerabilities

Opera Team reports:

  • Fixed a heap buffer overflow in string to number conversion
  • Fixed an issue where error messages could leak onto unrelated sites
  • Fixed a moderately severe issue, as reported by Chris Evans of the Google Security Team; details will be disclosed at a later date.

Discovery 2009-11-23
Entry 2009-12-01
Modified 2010-05-02
opera
< 10.10.20091120

linux-opera
< 10.10

CVE-2009-0689
CVE-2009-4071
http://www.opera.com/support/kb/view/941/
http://www.opera.com/support/kb/view/942/
e666498a-852a-11e0-8f78-080027ef73ecOpera -- code injection vulnerability through broken frameset handling

Opera Software ASA reports:

Fixed an issue with framesets that could allow execution of arbitrary code, as reported by an anonymous contributor working with the SecuriTeam Secure Disclosure program.


Discovery 2011-05-18
Entry 2011-05-23
opera
< 11.11

opera-devel
< 11.11

linux-opera
< 11.11

http://www.opera.com/docs/changelogs/unix/1111/
http://www.opera.com/support/kb/view/992/
2fda6bd2-c53c-11de-b157-001999392805opera -- multiple vulnerabilities

Opera Team Reports:

  • Fixed an issue where certain domain names could allow execution of arbitrary code, as reported by Chris Weber of Casaba Security
  • Fixed an issue where scripts can run on the feed subscription page, as reported by Inferno

Discovery 2009-10-28
Entry 2009-10-31
Modified 2010-05-02
opera
< 10.01.20091019

linux-opera
< 10.01

CVE-2009-3831
http://www.opera.com/support/kb/view/938/
http://www.opera.com/support/kb/view/939/
78ad2525-9d0c-11db-a5f6-000c6ec775d9opera -- multiple vulnerabilities

iDefense reports:

The vulnerability specifically exists due to Opera improperly processing a JPEG DHT marker. The DHT marker is used to define a Huffman Table which is used for decoding the image data. An invalid number of index bytes in the DHT marker will trigger a heap overflow with partially user controlled data.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious image and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

A flaw exists within Opera's Javascript SVG implementation. When processing a createSVGTransformFromMatrix request Opera does not properly validate the type of object passed to the function. Passing an incorrect object to this function can result in it using a pointer that is user controlled when it attempts to make the virtual function call.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious JavaScript and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.


Discovery 2007-01-05
Entry 2007-01-05
Modified 2010-05-12
opera
opera-devel
linux-opera
< 9.10

CVE-2007-0126
CVE-2007-0127
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458
http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852
ad4a00fa-0157-11dd-8bd3-001372ae3ab9opera -- multiple vulnerabilities

Opera Software reports of multiple security issues in Opera. All of them can lead to arbitrary code execution. Details are as the following:


Discovery 2008-04-03
Entry 2008-04-05
Modified 2010-05-12
opera
< 9.27.20080331

linux-opera
< 9.27.20080331

28585
CVE-2008-1761
CVE-2008-1762
http://www.opera.com/support/search/view/881/
http://www.opera.com/support/search/view/882/
f5c4d7f7-9f4b-11dd-bab1-001999392805opera -- multiple vulnerabilities

Opera reports:

Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive information.

If a link that uses a JavaScript URL triggers Opera's Fast Forward feature, when the user activates Fast Forward, the script should run on the current page. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.

When Opera is previewing a news feed, some scripts are not correctly blocked. These scripts are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information.


Discovery 2008-10-17
Entry 2008-10-28
Modified 2010-05-02
opera
linux-opera
< 9.61

CVE-2008-4697
CVE-2008-4698
CVE-2008-4725
http://www.opera.com/support/search/view/903/
http://www.opera.com/support/search/view/904/
http://www.opera.com/support/search/view/905/
38daea4f-2851-11e2-9483-14dae938ec40opera -- multiple vulnerabilities

Opera reports:

CORS (Cross-Origin Resource Sharing) allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the correct headers that give permission for their contents to be used in this way. Specially crafted requests may trick Opera into thinking that the target site has given permission when it had not done so. This can result in the contents of any target page being revealed to untrusted sites, including any sensitive information or session IDs contained within the source of those pages.

Also reported are vulnerabilities involving SVG graphics and XSS.


Discovery 2012-11-06
Entry 2012-11-06
Modified 2014-04-30
opera
< 12.10

opera-devel
< 12.10

linux-opera
< 12.10

linux-opera-devel
< 12.10

http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/
4582948a-9716-11de-83a5-001999392805opera -- multiple vulnerabilities

Opera Team Reports:

  • Issue where sites using revoked intermediate certificates might be shown as secure
  • Issue where the collapsed address bar didn't show the current domain
  • Issue where pages could trick users into uploading files
  • Some IDNA characters not correctly displaying in the address bar
  • Issue where Opera accepts nulls and invalid wild-cards in certificates

Discovery 2009-09-01
Entry 2009-09-04
Modified 2009-10-29
opera
< 10.00.20090830

opera-devel
le 10.00.b3_1,1

linux-opera
< 10.00

http://www.opera.com/support/search/view/929/
http://www.opera.com/support/search/view/930/
http://www.opera.com/support/search/view/931/
http://www.opera.com/support/search/view/932/
http://www.opera.com/support/search/view/934/
0925716f-34e2-11e2-aa75-003067c2616fopera -- execution of arbitrary code

Opera reports:

When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site.


Discovery 2012-11-19
Entry 2012-11-22
Modified 2014-04-30
opera
< 12.11

opera-devel
< 12.11

linux-opera
< 12.11

linux-opera-devel
< 12.11

http://www.opera.com/support/kb/view/1036/
8c5205b4-11a0-11de-a964-0030843d3802opera -- multiple vulnerabilities

Opera Team reports:

An unspecified error in the processing of JPEG images can be exploited to trigger a memory corruption.

An error can be exploited to execute arbitrary script code in a different domain via unspecified plugins.

An unspecified error has a "moderately severe" impact. No further information is available.


Discovery 2009-03-15
Entry 2009-03-15
Modified 2010-05-02
opera
linux-opera
< 9.64

CVE-2009-0914
CVE-2009-0915
http://www.opera.com/docs/changelogs/freebsd/964/
http://secunia.com/advisories/34135/
85f33a8d-492f-11e2-aa75-003067c2616fopera -- execution of arbitrary code

Opera reports:

When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code.


Discovery 2012-12-18
Entry 2012-12-18
Modified 2014-04-30
opera
< 12.12

opera-devel
< 12.12

linux-opera
< 12.12

linux-opera-devel
< 12.12

http://www.opera.com/support/kb/view/1038/
http://www.opera.com/support/kb/view/1039/
225bc349-ce10-11dd-a721-0030843d3802opera -- multiple vulnerabilities

The Opera Team reports:

Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code.

Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed.

Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it.

When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to. These may contain sensitive information.

Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the security context of that site.


Discovery 2008-11-18
Entry 2008-12-19
opera
linux-opera
< 9.63

CVE-2008-5178
http://www.opera.com/support/kb/view/920/
http://www.opera.com/support/kb/view/921/
http://www.opera.com/support/kb/view/922/
http://www.opera.com/support/kb/view/923/
http://www.opera.com/support/kb/view/924/
http://secunia.com/advisories/32752/
12d266b6-363f-11dc-b6c9-000c6ec775d9opera -- multiple vulnerabilities

Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability:

Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user's memory, which may contain data.

Removing a specially crafted torrent from the download manager can crash Opera. The crash is caused by an erroneous memory access.

An attacker needs to entice the user to accept the malicious BitTorrent download, and later remove it from Opera's download manager. To inject code, additional means will have to be employed.

Users clicking a BitTorrent link and rejecting the download are not affected.

data: URLs embed data inside them, instead of linking to an external resource. Opera can mistakenly display the end of a data URL instead of the beginning. This allows an attacker to spoof the URL of a trusted site.

Opera's HTTP authentication dialog is displayed when the user enters a Web page that requires a login name and a password. To inform the user which server it was that asked for login credentials, the dialog displays the server name.

The user has to see the entire server name. A truncated name can be misleading. Opera's authentication dialog cuts off the long server names at the right hand side, adding an ellipsis (...) to indicate that it has been cut off.

The dialog has a predictable size, allowing an attacker to create a server name which will look almost like a trusted site, because the real domain name has been cut off. The three dots at the end will not be obvious to all users.

This flaw can be exploited by phishers who can set up custom sub-domains, for example by hosting their own public DNS.


Discovery 2007-07-19
Entry 2007-07-19
Modified 2010-05-12
opera
opera-devel
linux-opera
< 9.22

CVE-2007-3929
CVE-2007-4944
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=564
http://www.opera.com/support/search/view/861/
http://www.opera.com/support/search/view/862/
http://www.opera.com/support/search/view/863/
http://www.opera.com/support/search/view/864/
http://www.opera.com/docs/changelogs/freebsd/922/
30c560ff-e0df-11dc-891a-02061b08fc24opera -- multiple vulnerabilities

Opera Software ASA reports about multiple security fixes:

  • Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla.
  • Image properties can no longer be used to execute scripts, as reported by Max Leonov.
  • Fixed an issue where the representation of DOM attribute values could allow cross site scripting, as reported by Arnaud.lb.

Discovery 2008-02-20
Entry 2008-02-22
Modified 2010-05-12
opera
opera-devel
linux-opera
< 9.26

CVE-2008-1080
CVE-2008-1081
http://www.opera.com/docs/changelogs/freebsd/926/
http://www.opera.com/support/search/view/877/
http://www.opera.com/support/search/view/879/
http://www.opera.com/support/search/view/880/
df4a7d21-4b17-11dc-9fc2-001372ae3ab9opera -- Vulnerability in javascript handling

An advisory from Opera reports:

A specially crafted JavaScript can make Opera execute arbitrary code.


Discovery 2007-08-03
Entry 2007-08-15
Modified 2007-08-25
opera
opera-devel
linux-opera
< 9.23.20070809

http://www.opera.com/support/search/view/865/
ea0f45e2-6c4b-11e2-98d9-003067c2616fopera -- execution of arbitrary code

Opera reports:

Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code. To inject code, additional techniques would have to be employed.


Discovery 2013-01-30
Entry 2013-02-01
opera
opera-devel
linux-opera
linux-opera-devel
< 12.13

http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
cebed39d-9e6f-11e2-b3f5-003067c2616fopera -- moderately severe issue

Opera reports:

Fixed a moderately severe issue, as reported by Attila Suszte.


Discovery 2013-04-04
Entry 2014-04-30
opera
< 12.15

opera-devel
< 12.15

linux-opera
< 12.15

linux-opera-devel
< 12.15

http://www.opera.com/docs/changelogs/unified/1215/
http://www.opera.com/support/kb/view/1046/
http://www.opera.com/support/kb/view/1047/
0e30e802-a9db-11dd-93a2-000bcdf0a03bopera -- multiple vulnerabilities

Opera reports:

When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration, allowing them to execute arbitrary code.

The links panel shows links in all frames on the current page, including links with JavaScript URLs. When a page is held in a frame, the script is incorrectly executed on the outermost page, not the page where the URL was located. This can be used to execute scripts in the context of an unrelated frame, which allows cross-site scripting.


Discovery 2008-11-03
Entry 2008-11-03
Modified 2010-05-02
opera
linux-opera
< 9.62

CVE-2008-4794
http://www.opera.com/support/search/view/906/
http://www.opera.com/support/search/view/907/
2eda0c54-34ab-11e0-8103-00215c6a37bbopera -- multiple vulnerabilities

Opera reports:

Opera 11.01 is a recommended upgrade offering security and stability enhancements.

The following security vulnerabilities have been fixed:

  • Removed support for "javascript:" URLs in CSS -o-link values, to make it easier for sites to filter untrusted CSS.
  • Fixed an issue where large form inputs could allow execution of arbitrary code, as reported by Jordi Chancel; see our advisory.
  • Fixed an issue which made it possible to carry out clickjacking attacks against internal opera: URLs; see our advisory.
  • Fixed issues which allowed web pages to gain limited access to files on the user's computer; see our advisory.
  • Fixed an issue where email passwords were not immediately deleted when deleting private data; see our advisory.

Discovery 2011-01-26
Entry 2011-02-10
opera
opera-devel
linux-opera
< 11.01

CVE-2011-0450
CVE-2011-0681
CVE-2011-0682
CVE-2011-0683
CVE-2011-0684
CVE-2011-0685
CVE-2011-0686
CVE-2011-0687
http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://secunia.com/advisories/43023