CVE-2010-2576 — Code Injection in Browser

CWE-94 — Code Injection4 documents4 sources

Severity

6.8MEDIUMNVD

CNA5.1

EPSS

1.9%

top 16.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opera Browser

Timeline

PublishedAug 16

Latest updateMay 14

Description

Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDopera/opera_browser10.60+86

🔴Vulnerability Details

GHSA

GHSA-x7qx-qqfv-f6qw: Opera before 10↗2022-05-14

▶

CVEList

CVE-2010-2576: Opera before 10↗2010-08-16

▶

💬Community

Bugzilla

CVE-2010-4054 ghostscript: NULL pointer dereference by processing garbage font data in type1 and type2 font interpreters [fedora-12]↗2010-10-28

▶