| Vulnerability Name: | CVE-2004-2491 (CCN-16816) | ||||||||
| Assigned: | 2004-07-26 | ||||||||
| Published: | 2004-07-26 | ||||||||
| Updated: | 2022-02-28 | ||||||||
| Summary: | A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-362 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Mon Jul 26 2004 - 08:02:11 CDT Opera 7.53 (Build 3850) Address Bar Spoofing Issue Source: FULLDISC Type: Broken Link, Exploit 20040726 Opera 7.53 (Build 3850) Address Bar Spoofing Issue Source: MITRE Type: CNA CVE-2004-2491 Source: CCN Type: SA12162 Opera Browser Address Bar Spoofing Vulnerability Source: SECUNIA Type: Broken Link, Patch 12162 Source: CONFIRM Type: Broken Link, Patch http://www.opera.com/windows/changelogs/754/ Source: OSVDB Type: Broken Link, Exploit 8317 Source: CCN Type: OSVDB ID: 8317 Opera Multiple Function Address Bar Spoofing Source: BID Type: Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry 10810 Source: CCN Type: BID-10810 Opera Web Browser Location Replace URI Obfuscation Weakness Source: XF Type: Third Party Advisory, VDB Entry opera-addressbar-spoofing(16816) Source: XF Type: UNKNOWN opera-addressbar-spoofing(16816) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||