FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  375358
Date:      2014-12-23
Time:      21:24:55Z
Committer: rea

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
77b9f9bc-7fdf-11df-8a8d-0008743bf21aopera -- Data URIs can be used to allow cross-site scripting

The Opera Desktop Team reports:

Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be opened.


Discovery 2010-06-21
Entry 2010-06-25
opera
lt 10.11

opera-devel
le 10.20_2,1

http://www.opera.com/support/kb/view/955/
77b9f9bc-7fdf-11df-8a8d-0008743bf21aopera -- Data URIs can be used to allow cross-site scripting

The Opera Desktop Team reports:

Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be opened.


Discovery 2010-06-21
Entry 2010-06-25
opera
lt 10.11

opera-devel
le 10.20_2,1

http://www.opera.com/support/kb/view/955/
4582948a-9716-11de-83a5-001999392805opera -- multiple vulnerabilities

Opera Team Reports:

  • Issue where sites using revoked intermediate certificates might be shown as secure
  • Issue where the collapsed address bar didn't show the current domain
  • Issue where pages could trick users into uploading files
  • Some IDNA characters not correctly displaying in the address bar
  • Issue where Opera accepts nulls and invalid wild-cards in certificates

Discovery 2009-09-01
Entry 2009-09-04
Modified 2009-10-29
opera
lt 10.00.20090830

opera-devel
le 10.00.b3_1,1

linux-opera
lt 10.00

http://www.opera.com/support/search/view/929/
http://www.opera.com/support/search/view/930/
http://www.opera.com/support/search/view/931/
http://www.opera.com/support/search/view/932/
http://www.opera.com/support/search/view/934/
4582948a-9716-11de-83a5-001999392805opera -- multiple vulnerabilities

Opera Team Reports:

  • Issue where sites using revoked intermediate certificates might be shown as secure
  • Issue where the collapsed address bar didn't show the current domain
  • Issue where pages could trick users into uploading files
  • Some IDNA characters not correctly displaying in the address bar
  • Issue where Opera accepts nulls and invalid wild-cards in certificates

Discovery 2009-09-01
Entry 2009-09-04
Modified 2009-10-29
opera
lt 10.00.20090830

opera-devel
le 10.00.b3_1,1

linux-opera
lt 10.00

http://www.opera.com/support/search/view/929/
http://www.opera.com/support/search/view/930/
http://www.opera.com/support/search/view/931/
http://www.opera.com/support/search/view/932/
http://www.opera.com/support/search/view/934/
a4a809d8-25c8-11e1-b531-00215c6a37bbopera -- multiple vulnerabilities

Opera software reports:

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera
lt 11.60

opera-devel
lt 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
a4a809d8-25c8-11e1-b531-00215c6a37bbopera -- multiple vulnerabilities

Opera software reports:

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera
lt 11.60

opera-devel
lt 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/