FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e666498a-852a-11e0-8f78-080027ef73ecOpera -- code injection vulnerability through broken frameset handling

Opera Software ASA reports:

Fixed an issue with framesets that could allow execution of arbitrary code, as reported by an anonymous contributor working with the SecuriTeam Secure Disclosure program.


Discovery 2011-05-18
Entry 2011-05-23
opera
< 11.11

opera-devel
< 11.11

linux-opera
< 11.11

http://www.opera.com/docs/changelogs/unix/1111/
http://www.opera.com/support/kb/view/992/
a4a809d8-25c8-11e1-b531-00215c6a37bbopera -- multiple vulnerabilities

Opera software reports:

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera
< 11.60

opera-devel
< 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
0925716f-34e2-11e2-aa75-003067c2616fopera -- execution of arbitrary code

Opera reports:

When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a memory corruption and crash. It is possible to use this crash to execute the overflowing data as code, which may be controlled by an attacking site.


Discovery 2012-11-19
Entry 2012-11-22
Modified 2014-04-30
opera
< 12.11

opera-devel
< 12.11

linux-opera
< 12.11

linux-opera-devel
< 12.11

http://www.opera.com/support/kb/view/1036/
85f33a8d-492f-11e2-aa75-003067c2616fopera -- execution of arbitrary code

Opera reports:

When loading GIF images into memory, Opera should allocate the correct amount of memory to store that image. Specially crafted image files can cause Opera to allocate the wrong amount of memory. Subsequent data may then overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code.


Discovery 2012-12-18
Entry 2012-12-18
Modified 2014-04-30
opera
< 12.12

opera-devel
< 12.12

linux-opera
< 12.12

linux-opera-devel
< 12.12

http://www.opera.com/support/kb/view/1038/
http://www.opera.com/support/kb/view/1039/
38daea4f-2851-11e2-9483-14dae938ec40opera -- multiple vulnerabilities

Opera reports:

CORS (Cross-Origin Resource Sharing) allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target site sends the correct headers that give permission for their contents to be used in this way. Specially crafted requests may trick Opera into thinking that the target site has given permission when it had not done so. This can result in the contents of any target page being revealed to untrusted sites, including any sensitive information or session IDs contained within the source of those pages.

Also reported are vulnerabilities involving SVG graphics and XSS.


Discovery 2012-11-06
Entry 2012-11-06
Modified 2014-04-30
opera
< 12.10

opera-devel
< 12.10

linux-opera
< 12.10

linux-opera-devel
< 12.10

http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/
cebed39d-9e6f-11e2-b3f5-003067c2616fopera -- moderately severe issue

Opera reports:

Fixed a moderately severe issue, as reported by Attila Suszte.


Discovery 2013-04-04
Entry 2014-04-30
opera
< 12.15

opera-devel
< 12.15

linux-opera
< 12.15

linux-opera-devel
< 12.15

http://www.opera.com/docs/changelogs/unified/1215/
http://www.opera.com/support/kb/view/1046/
http://www.opera.com/support/kb/view/1047/
ea0f45e2-6c4b-11e2-98d9-003067c2616fopera -- execution of arbitrary code

Opera reports:

Particular DOM event manipulations can cause Opera to crash. In some cases, this crash might occur in a way that allows execution of arbitrary code. To inject code, additional techniques would have to be employed.


Discovery 2013-01-30
Entry 2013-02-01
opera
opera-devel
linux-opera
linux-opera-devel
< 12.13

http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
2eda0c54-34ab-11e0-8103-00215c6a37bbopera -- multiple vulnerabilities

Opera reports:

Opera 11.01 is a recommended upgrade offering security and stability enhancements.

The following security vulnerabilities have been fixed:

  • Removed support for "javascript:" URLs in CSS -o-link values, to make it easier for sites to filter untrusted CSS.
  • Fixed an issue where large form inputs could allow execution of arbitrary code, as reported by Jordi Chancel; see our advisory.
  • Fixed an issue which made it possible to carry out clickjacking attacks against internal opera: URLs; see our advisory.
  • Fixed issues which allowed web pages to gain limited access to files on the user's computer; see our advisory.
  • Fixed an issue where email passwords were not immediately deleted when deleting private data; see our advisory.

Discovery 2011-01-26
Entry 2011-02-10
opera
opera-devel
linux-opera
< 11.01

CVE-2011-0450
CVE-2011-0681
CVE-2011-0682
CVE-2011-0683
CVE-2011-0684
CVE-2011-0685
CVE-2011-0686
CVE-2011-0687
http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://secunia.com/advisories/43023