Page 58 of 325 results (0.007 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html http://marc.info/?l=bugtraq&m=110782704923280&w=2 http://www.novell.com/linux/security/advisories/2005_31_opera.html http://www.securityfocus.com/bid/12461 http://www.shmoo.com/idn http://www.shmoo.com/idn/homograph.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/19236 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code. • http://secunia.com/advisories/13818 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.kb.cert.org/vuls/id/882926 http://www.novell.com/linux/security/advisories/2005_31_opera.html http://www.opera.com/linux/changelogs/754u2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18867 •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 1

Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029044.html http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u1 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1

Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user. • http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html http://osvdb.org/8331 http://secunia.com/advisories/12233 http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml http://www.greymagic.com/security/advisories/gm008-op http://www.opera.com/docs/changelogs/windows/754 http://www.securityfocus.com/bid/10873 https://exchange.xforce.ibmcloud.com/vulnerabilities/16904 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 2

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407. • http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •