
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. • http://secunia.com/advisories/15008 http://secunia.com/secunia_research/2005-4/advisory http://www.securityfocus.com/bid/13970 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. • http://secunia.com/advisories/15411 http://secunia.com/secunia_research/2005-5/advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks. • http://www.geotrust.com/resources/advisory/sslorg/index.htm http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm http://www.novell.com/linux/security/advisories/2005_31_opera.html http://www.securityfocus.com/bid/13176 https://exchange.xforce.ibmcloud.com/vulnerabilities/40503 •

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. • http://bugs.gentoo.org/show_bug.cgi?id=81747 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5 | EPSS: 93% | CPEs: 6 | EXPL: 7

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://marc.info/?l=bugtraq&m=110782704923280&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-29.html http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/ •