FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
77b9f9bc-7fdf-11df-8a8d-0008743bf21a	opera -- Data URIs can be used to allow cross-site scripting The Opera Desktop Team reports: Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be opened. Discovery 2010-06-21 Entry 2010-06-25 opera < 10.11 opera-devel <= 10.20_2,1 http://www.opera.com/support/kb/view/955/
a4a809d8-25c8-11e1-b531-00215c6a37bb	opera -- multiple vulnerabilities Opera software reports: Fixed a moderately severe issue; details will be disclosed at a later date Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory Improved handling of certificate revocation corner cases Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory Discovery 2011-12-06 Entry 2011-12-13 opera linux-opera < 11.60 opera-devel < 11.60,1 CVE-2011-3389 CVE-2011-4681 CVE-2011-4682 CVE-2011-4683 http://www.opera.com/support/kb/view/1003/ http://www.opera.com/support/kb/view/1004/ http://www.opera.com/support/kb/view/1005/

VuXML ID

Description

77b9f9bc-7fdf-11df-8a8d-0008743bf21a

opera -- Data URIs can be used to allow cross-site scripting

The Opera Desktop Team reports:

Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be opened.

Discovery 2010-06-21
Entry 2010-06-25
opera

< 10.11

opera-devel

<= 10.20_2,1

http://www.opera.com/support/kb/view/955/

a4a809d8-25c8-11e1-b531-00215c6a37bb

opera -- multiple vulnerabilities

Opera software reports:

Fixed a moderately severe issue; details will be disclosed at a later date

Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory

Improved handling of certificate revocation corner cases

Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory

Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Discovery 2011-12-06
Entry 2011-12-13
opera
linux-opera

< 11.60

opera-devel

< 11.60,1

CVE-2011-3389
CVE-2011-4681
CVE-2011-4682
CVE-2011-4683
http://www.opera.com/support/kb/view/1003/
http://www.opera.com/support/kb/view/1004/
http://www.opera.com/support/kb/view/1005/