CVE-2005-2407 — UI Misrepresentation / Clickjacking in Browser

CWE-1021 — UI Misrepresentation / Clickjacking CWE-362 — Race Condition CWE-94 — Code Injection10 documents4 sources

Severity

6.8MEDIUMNVD

NVD5.1NVD4.0CNA5.1CNA4.0

EPSS

1.1%

top 21.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opera Browser

Timeline

PublishedAug 1

Latest updateMay 14

Description

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDopera/opera_browser8.01+87

Patches

Patch: secunia.com ↗Patch: www.opera.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-x7qx-qqfv-f6qw: Opera before 10↗2022-05-14

▶

GHSA

GHSA-jx3q-74x5-vgj6: A design error in Opera 8↗2022-05-01

▶

GHSA

GHSA-5hgg-xq5w-5m82: Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race↗2022-04-29

▶

CVEList

CVE-2010-2576: Opera before 10↗2010-08-16

▶

CVEList

CVE-2004-2659: Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race↗2006-04-29

▶

💬Community

Bugzilla

CVE-2005-3671 Openswan Denial of Service↗2005-11-25

▶