--- /usr/ports/security/vuxml/vuln.xml 2008-10-20 18:19:08.000000000 +0200 +++ vuln.xml 2008-10-21 10:44:19.711655016 +0200 @@ -34,6 +34,53 @@ --> + + opera -- multiple vulnerabilities + + + opera + 9.61.20081017 + + + + +

Opera reports:

+
Certain constructs are not escaped correctly by Opera's + History Search results. These can be used to inject scripts + into the page, which can then be used to look through the user's + browsing history, including the contents of the pages they have + visited. These may contain sensitive information.
+

+
If a link that uses a JavaScript URL triggers Opera's Fast + Forward feature, when the user activates Fast Forward, the + script should run on the current page. When a page is held in a + frame, the script is incorrectly executed on the outermost page, + not the page where the URL was located. This can be used to + execute scripts in the context of an unrelated frame, which + allows cross-site scripting.
+

+
When Opera is previewing a news feed, some scripts are not + correctly blocked. These scripts are able to subscribe the user + to any feed URL that the attacker chooses, and can also view + the contents of any feeds that the user is subscribed to. + These may contain sensitive information.
+

+ + + + http://www.opera.com/support/search/view/903/ + http://www.opera.com/support/search/view/904/ + http://www.opera.com/support/search/view/905/ + + + 2008-10-17 + 2008-10-21 + + + libxine -- denial of service vulnerability