diff options
| author | crees <crees@FreeBSD.org> | 2012-11-07 04:45:14 +0800 |
|---|---|---|
| committer | crees <crees@FreeBSD.org> | 2012-11-07 04:45:14 +0800 |
| commit | 545c881fd881806544125c19c6e92c29e14f1199 (patch) | |
| tree | 9e38869d2a437ab4b04d938c27ce2c6a68ea18ca /security | |
| parent | 2f20dd084150f64add2a7eb9effdf30f76e851ad (diff) | |
| download | freebsd-ports-gnome-545c881fd881806544125c19c6e92c29e14f1199.tar.gz freebsd-ports-gnome-545c881fd881806544125c19c6e92c29e14f1199.tar.zst freebsd-ports-gnome-545c881fd881806544125c19c6e92c29e14f1199.zip | |
Document opera vulnerabilities
Feature safe: yes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 98a5d20faed2..e19ce51859f4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,48 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="38daea4f-2851-11e2-9483-14dae938ec40"> + <topic>opera -- multiple vulnerabilities</topic> + <affects> + <package> + <name>opera</name> + <name>opera-devel</name> + <name>linux-opera</name> + <name>linux-opera-devel</name> + <range><lt>12.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Opera reports:</p> + <blockquote cite="http://www.opera.com/support/kb/view/1030/"> + <p>CORS (Cross-Origin Resource Sharing) allows web pages to retrieve + the contents of pages from other sites, with their permission, + as they would appear for the current user. + When requests are made in this way, the browser should only allow + the page content to be retrieved if the target site sends the + correct headers that give permission for their contents to be + used in this way. Specially crafted requests may trick Opera + into thinking that the target site has given permission when it + had not done so. This can result in the contents of any target page + being revealed to untrusted sites, including any + sensitive information or session IDs contained within the + source of those pages.</p> + </blockquote> + <p>Also reported are vulnerabilities involving SVG graphics and XSS.</p> + </body> + </description> + <references> + <url>http://www.opera.com/support/kb/view/1030/</url> + <url>http://www.opera.com/support/kb/view/1031/</url> + <url>http://www.opera.com/support/kb/view/1033/</url> + </references> + <dates> + <discovery>2012-11-06</discovery> + <entry>2012-11-06</entry> + </dates> + </vuln> + <vuln vid="36533a59-2770-11e2-bb44-003067b2972c"> <topic>linux-flashplugin -- multiple vulnerabilities</topic> <affects> |