FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321237
Date:      2013-06-19
Time:      11:08:02Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a4a809d8-25c8-11e1-b531-00215c6a37bbopera -- multiple vulnerabilities

Opera software reports:

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera
lt 11.60

opera-devel
lt 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
77b9f9bc-7fdf-11df-8a8d-0008743bf21aopera -- Data URIs can be used to allow cross-site scripting

The Opera Desktop Team reports:

Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be opened.


Discovery 2010-06-21
Entry 2010-06-25
opera
lt 10.11

opera-devel
le 10.20_2,1

http://www.opera.com/support/kb/view/955/
a4a809d8-25c8-11e1-b531-00215c6a37bbopera -- multiple vulnerabilities

Opera software reports:

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera
lt 11.60

opera-devel
lt 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/
77b9f9bc-7fdf-11df-8a8d-0008743bf21aopera -- Data URIs can be used to allow cross-site scripting

The Opera Desktop Team reports:

Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be opened.


Discovery 2010-06-21
Entry 2010-06-25
opera
lt 10.11

opera-devel
le 10.20_2,1

http://www.opera.com/support/kb/view/955/