FreeBSD Bugzilla – Attachment 90992 Details for
Bug 128264
Update www/opera and www/opera-linuxplugins to version 9.61
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuln.xml.diff
vuln.xml.diff (text/plain), 2.32 KB, created by
Arjan van Leeuwen
on 2008-10-21 09:50:01 UTC
(
hide
)
Description:
vuln.xml.diff
Filename:
MIME Type:
Creator:
Arjan van Leeuwen
Created:
2008-10-21 09:50:01 UTC
Size:
2.32 KB
patch
obsolete
>--- /usr/ports/security/vuxml/vuln.xml 2008-10-20 18:19:08.000000000 +0200 >+++ vuln.xml 2008-10-21 10:44:19.711655016 +0200 >@@ -34,6 +34,53 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="f5c4d7f7-9f4b-11dd-bab1-001999392805"> >+ <topic>opera -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>opera</name> >+ <range><lt>9.61.20081017</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Opera reports:</p> >+ <blockquote cite="http://www.opera.com/support/search/view/903/"> >+ <p>Certain constructs are not escaped correctly by Opera's >+ History Search results. These can be used to inject scripts >+ into the page, which can then be used to look through the user's >+ browsing history, including the contents of the pages they have >+ visited. These may contain sensitive information.</p> >+ </blockquote> >+ <blockquote cite="http://www.opera.com/support/search/view/904/"> >+ <p>If a link that uses a JavaScript URL triggers Opera's Fast >+ Forward feature, when the user activates Fast Forward, the >+ script should run on the current page. When a page is held in a >+ frame, the script is incorrectly executed on the outermost page, >+ not the page where the URL was located. This can be used to >+ execute scripts in the context of an unrelated frame, which >+ allows cross-site scripting.</p> >+ </blockquote> >+ <blockquote cite="http://www.opera.com/support/search/view/905/"> >+ <p>When Opera is previewing a news feed, some scripts are not >+ correctly blocked. These scripts are able to subscribe the user >+ to any feed URL that the attacker chooses, and can also view >+ the contents of any feeds that the user is subscribed to. >+ These may contain sensitive information.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>http://www.opera.com/support/search/view/903/</url> >+ <url>http://www.opera.com/support/search/view/904/</url> >+ <url>http://www.opera.com/support/search/view/905/</url> >+ </references> >+ <dates> >+ <discovery>2008-10-17</discovery> >+ <entry>2008-10-21</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="06eac338-9ddf-11dd-813f-000e35248ad7"> > <topic>libxine -- denial of service vulnerability</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=90992">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 128264
:
90991
| 90992