CVSS: 7.5EPSS: 8%CPEs: 6EXPL: 7CVE-2005-0233
https://notcve.org/view.php?id=CVE-2005-0233
07 Feb 2005 — The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html •
CVSS: 9.1EPSS: 22%CPEs: 9EXPL: 1CVE-2002-2311
https://notcve.org/view.php?id=CVE-2002-2311
31 Dec 2002 — Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. • http://online.securityfocus.com/archive/1/283866 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2002-2332
https://notcve.org/view.php?id=CVE-2002-2332
31 Dec 2002 — Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. • http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 3CVE-2002-2358 – Opera 6.0.x - FTP View Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2358
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL. • https://www.exploit-db.com/exploits/21681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 3CVE-2002-0898 – Opera 6.0.1/6.0.2 - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2002-0898
04 Oct 2002 — Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline. Opera 6.0.1 y 6.0.2 permite a un sitio web remoto cargar ficheros arbitrarios del sistema cliente, sin preguntar al cliente, mediante una etiqueta <input type=file> que contiene un carácter de nueva línea. • https://www.exploit-db.com/exploits/21483 •
CVSS: 9.8EPSS: 4%CPEs: 13EXPL: 1CVE-2002-1091
https://notcve.org/view.php?id=CVE-2002-1091
04 Oct 2002 — Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. • http://bugzilla.mozilla.org/show_bug.cgi?id=157989 •
CVSS: 7.5EPSS: 7%CPEs: 6EXPL: 3CVE-2002-0783 – Opera 5.12/6.0 - Frame Location Same Origin Policy Circumvention
https://notcve.org/view.php?id=CVE-2002-0783
26 Jul 2002 — Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. • https://www.exploit-db.com/exploits/21451 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0243
https://notcve.org/view.php?id=CVE-2002-0243
03 May 2002 — Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. Vulnerabilidad de secuencias de comandos en sitios cruzados en Internet Opera 6 y anteriores permite que atacante remotos ejecuten código arbitrario por medio de un formulario HTML extendido, cuya salida del servidor remoto no se ha aclarado adecuadamente. • http://marc.info/?l=bugtraq&m=101309907709138&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0270
https://notcve.org/view.php?id=CVE-2002-0270
03 May 2002 — Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. • http://marc.info/?l=bugtraq&m=101363764421623&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2001-1491 – Microsoft Internet Explorer 6.0 / Mozilla 0.9.6 / Opera 5.1 - Image Count Denial of Service
https://notcve.org/view.php?id=CVE-2001-1491
31 Dec 2001 — Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. • https://www.exploit-db.com/exploits/21181 •