Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:P/A:N | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 24325
Publication date : 2004-07-26 22h00 +00:00
Author : bitlance winter
EDB Verified : Yes
source: https://www.securityfocus.com/bid/10810/info
Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. This issue is due to a race condition error.
This issue may be leveraged by an attacker to display false information in the address bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to be derived from a trusted location. This may facilitate phishing attacks; attempted theft of user information for the purpose of identity theft.
<script>
function fake() {
oc=window.open('http://www.opera.com/', '','location=1');
oc.location.replace('http://www.example.com');
}
[/script]
<a href="javascript:void(0);" onClick="fake()">http://www.opera.com/</a>
Products Mentioned
Configuraton 0
Opera>>Opera_browser >> Version To (including) 7.53
- Opera>>Opera_browser >> Version - (Open CPE detail)
- Opera>>Opera_browser >> Version 1.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 2.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 2.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 2.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 2.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 2.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 2.12 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.21 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.50 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.51 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.60 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.61 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.62 (Open CPE detail)
- Opera>>Opera_browser >> Version 3.62 (Open CPE detail)
- Opera>>Opera_browser >> Version 4.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 4.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 4.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 4.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 4.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 4.00 (Open CPE detail)
- Opera>>Opera_browser >> Version 4.01 (Open CPE detail)
- Opera>>Opera_browser >> Version 4.02 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.02 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.11 (Open CPE detail)
- Opera>>Opera_browser >> Version 5.12 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.01 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.1 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.1 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.02 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.03 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.04 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.05 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.06 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.11 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.12 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.01 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.02 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.03 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.11 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.11 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.20 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.20 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.21 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.22 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.23 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.30 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.50 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.50 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.51 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.52 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.53 (Open CPE detail)
References
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html
Tags : mailing-list, x_refsource_FULLDISC
Tags : mailing-list, x_refsource_FULLDISC
