CVE-2005-2407
published 2005-08-01CVE-2005-2407: A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download…
PriorityP420medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
2.72%
84.2th percentile
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
Affected
88 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | <= 8.01 | — |
| opera | opera_browser | <= 10.60 | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x7qx-qqfv-f6qw: Opera before 10
ghsa_unreviewed·2022-05-14·CVSS 5.1
CVE-2010-2576 [MEDIUM] CWE-94 GHSA-x7qx-qqfv-f6qw: Opera before 10
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.
GHSA
GHSA-jx3q-74x5-vgj6: A design error in Opera 8
ghsa_unreviewed·2022-05-01
CVE-2005-2407 [MEDIUM] CWE-1021 GHSA-jx3q-74x5-vgj6: A design error in Opera 8
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
GHSA
GHSA-5hgg-xq5w-5m82: Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race
ghsa_unreviewed·2022-04-29·CVSS 5.1
CVE-2004-2659 [MEDIUM] CWE-362 GHSA-5hgg-xq5w-5m82: Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/15781http://secunia.com/secunia_research/2005-19/advisory/http://securitytracker.com/id?1015353http://www.opera.com/linux/changelogs/802/http://www.securityfocus.com/bid/15835http://www.vupen.com/english/advisories/2005/1251http://secunia.com/advisories/15781http://secunia.com/secunia_research/2005-19/advisory/http://securitytracker.com/id?1015353http://www.opera.com/linux/changelogs/802/http://www.securityfocus.com/bid/15835http://www.vupen.com/english/advisories/2005/1251
2005-08-01
Published