opera -- multiple vulnerabilities

Description:

Opera reports:

Opera 11.01 is a recommended upgrade offering security and stability enhancements.

The following security vulnerabilities have been fixed:

• Removed support for "javascript:" URLs in CSS -o-link values, to make it easier for sites to filter untrusted CSS.
• Fixed an issue where large form inputs could allow execution of arbitrary code, as reported by Jordi Chancel; see our advisory.
• Fixed an issue which made it possible to carry out clickjacking attacks against internal opera: URLs; see our advisory.
• Fixed issues which allowed web pages to gain limited access to files on the user's computer; see our advisory.
• Fixed an issue where email passwords were not immediately deleted when deleting private data; see our advisory.

References:

• CVE name CVE-2011-0450
• CVE name CVE-2011-0681
• CVE name CVE-2011-0682
• CVE name CVE-2011-0683
• CVE name CVE-2011-0684
• CVE name CVE-2011-0685
• CVE name CVE-2011-0686
• CVE name CVE-2011-0687
• URL: <http://www.opera.com/support/kb/view/982/>
• URL: <http://www.opera.com/support/kb/view/983/>
• URL: <http://www.opera.com/support/kb/view/984/>
• URL: <http://secunia.com/advisories/43023>

Affects:

• opera <11.01
• opera-devel <11.01
• linux-opera <11.01

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.