CVE-2005-1475
https://notcve.org/view.php?id=CVE-2005-1475
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. • http://secunia.com/advisories/15008 http://secunia.com/secunia_research/2005-4/advisory http://www.securityfocus.com/bid/13970 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2005-1669
https://notcve.org/view.php?id=CVE-2005-1669
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. • http://secunia.com/advisories/15411 http://secunia.com/secunia_research/2005-5/advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-1139
https://notcve.org/view.php?id=CVE-2005-1139
Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks. • http://www.geotrust.com/resources/advisory/sslorg/index.htm http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm http://www.novell.com/linux/security/advisories/2005_31_opera.html http://www.securityfocus.com/bid/13176 https://exchange.xforce.ibmcloud.com/vulnerabilities/40503 •
CVE-2005-0457
https://notcve.org/view.php?id=CVE-2005-0457
Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. • http://bugs.gentoo.org/show_bug.cgi?id=81747 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml • CWE-427: Uncontrolled Search Path Element •
CVE-2005-0238
https://notcve.org/view.php?id=CVE-2005-0238
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://www.securityfocus.com/bid/12461 http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399 https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 •