4486 matches found
CVE-2009-2351
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to...
CVE-2009-2351
CVE-2009-1312 is referenced in MiracleLinux AXSA advisories as a vulnerability in Mozilla Firefox and SeaMonkey where javascript: URIs in Refresh headers in HTTP responses were not blocked. Affected versions include Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17; this could enable cross...
CVE-2009-2351
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to...
Opera Unite: Botmaster's Best Friend?
From IDG News Service (Robert McMillan): Opera has added a lot of cool new features to its upcoming Opera 10 browser, and one of them is almost sure to catch the eye of cyber criminals. It’s called Opera Unite, and while Opera promotes it as an exciting new platform for next-generation Web...
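Multiple Browsers HTTP Resource in HTTPS Content Context Security Bypass Vulnerability
Bugtraq ID: 35403 CVE ID: CVE-2009-2065 CVE-2009-2064 CVE-2009-2066 CVE-2009-2067 CNCVE ID: CNCVE-20092065 CNCVE-20092064 CNCVE-20092066 CNCVE-20092067 Warnings are not displayed correctly when a page handles resources requested for secure content through an insecure method, which can lead to security restrictions being bypassed in multiple web browsers. An attacker can exploit this vulnerability to conduct phishing attacks or obtain sensitive information. To exploit it, however, the attacker must intercept or control network traffic, for example through man-in-the-middle or DNS poisoning attacks. The following browsers are affected by this vulnerability: Microsoft Internet...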
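Multiple Browsers Web Proxy Redirect Handling Man-in-the-Middle Vulnerability
Bugtraq ID: 35412 CVE ID: CVE-2009-2061 CVE-2009-2062 CVE-2009-2063 Multiple browsers are exposed to a man-in-the-middle attack in the way they handle web proxy redirects. An attacker can exploit this vulnerability to conduct phishing attacks or obtain sensitive information. To exploit it, however, the attacker must intercept or control network traffic, for example through man-in-the-middle or DNS poisoning attacks. The following browsers are affected by this vulnerability: Mozilla Firefox prior to 3.0.10 Apple Safari prior to 3.2.2 Opera prior to 9.25 Opera Software Opera Web Browser 8.51 Opera...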
Opera Web Script Execution Vulnerabilities - June09 (Linux)
This host has Opera browser installed and is prone to Web Script Execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperawebscriptexecvulnjun09lin.nasl 5122 2017-01-27 12:16:00Z teissa $ Opera Web Script Execution Vulnerabilities - June09 Linux Authors: Sharath S Copyright: Copyrigh...
Opera Web Script Execution Vulnerabilities (Jun 2009) - Windows
Opera browser is prone to multiple web script execution vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Opera Web Script Execution Vulnerabilities - June09 (Windows)
This host has Opera browser installed and is prone to Web Script Execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperawebscriptexecvulnjun09win.nasl 5122 2017-01-27 12:16:00Z teissa $ Opera Web Script Execution Vulnerabilities - June09 Windows Authors: Sharath S Copyright:...
Opera Web Script Execution Vulnerabilities (Jun 2009) - Linux
Opera browser is prone to multiple web script execution vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2009-2067
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related...
CVE-2009-2063
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site...
CVE-2009-2070
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a...
CVE-2009-2059
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...
Cross site request forgery (csrf)
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a...
Design/Logic Flaw
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site...
Hardcoded credentials
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...
Design/Logic Flaw
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related...
CVE-2009-2070
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a...
CVE-2009-2067
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related...