| Vulnerability Name: | CVE-2005-2273 (CCN-18867) | ||||||||
| Assigned: | 2005-01-12 | ||||||||
| Published: | 2005-01-12 | ||||||||
| Updated: | 2022-02-28 | ||||||||
| Summary: | Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-0456 Source: MITRE Type: CNA CVE-2005-2273 Source: CCN Type: SA13818 Opera "data:" URI Handler Spoofing Vulnerability Source: CCN Type: SA15488 Opera Dialog Origin Spoofing Vulnerability Source: SECUNIA Type: Not Applicable 15488 Source: MISC Type: Not Applicable http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/ Source: MISC Type: Not Applicable http://secunia.com/secunia_research/2005-8/ Source: CCN Type: GLSA-200502-17 Opera: Multiple vulnerabilities Source: CCN Type: US-CERT VU#882926 Opera may insecurely execute binary data encoded in a URI Source: CCN Type: OSVDB ID: 12867 Opera data: URI Handler Application Spoofing Source: CCN Type: OSVDB ID: 79191 Opera Javascript Dialog Origin Spoofing Source: CCN Type: BID-12550 Opera Web Browser Multiple Remote Vulnerabilities Source: CCN Type: BID-18867 AuraCMS Multiple Input Validation Vulnerabilities Source: XF Type: UNKNOWN opera-data-dialog-spoofing(18867) Source: SUSE Type: SUSE-SA:2005:031 Opera: various problems | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||