Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2491 — Race Condition in Browser

CWE-362 — Race Condition CWE-368 — Context Switching Race Condition5 documents5 sources

Severity

2.6LOWNVD

EPSS

10.4%

top 6.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opera Browser

Timeline

PublishedDec 31

Latest updateApr 29

Description

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDopera/opera_browser7.53

Patches

Patch: secunia.com ↗Patch: www.opera.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6rch-h7pj-5838: A race condition in Opera web browser 7↗2022-04-29

▶

CVEList

CVE-2004-2491: A race condition in Opera web browser 7↗2005-10-25

▶

💥Exploits & PoCs

Exploit-DB

Opera Web Browser 7.53 - Location Replace URI Obfuscation↗2004-07-27

▶

📐Framework References

CWE

Context Switching Race Condition↗

▶