[SA15870] Opera Download Dialog Spoofing Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

Opera 8 multiple security vulnerabilities

Crossite scripting on message generation if automatic redirection is disabled. javascript: crossite scripting. XMLHttpRequest object crossite access. Download dialog spoofing. Crossite scripting on image dragging...

[SA15756] Opera Image Dragging Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

Opera < 8.02 Multiple Vulnerabilities

The remote host is using Opera, an alternative web browser. The version of Opera installed on the remote host contains several flaws. One involves imaging dragging and could result in cross-site scripting attacks and user file retrieval. A second may let attackers spoof the file extension in the...

CVE-2005-2405

Opera 8.01 is affected when Arial Unicode MS (ARIALUNI.TTF) is installed: extended ASCII in the file-download dialog can be spoofed, potentially leading users to execute arbitrary code. The issue is documented in CVE-2005-2405; OpenVAS notes vulnerability in Opera

CVE-2005-2406

CVE-2005-2406 affects Opera 8.01. The vulnerability allows remote attackers to perform cross-site scripting (XSS) or alter which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI. Root cause is input handling during file drag that leads to script execution. ...

CVE-2005-2407

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking"...

CVE-2005-2407

Opera prior to 10.61 is affected by a design/implementation flaw where a malicious window can overlay a download dialog, enabling user‑assisted code execution via link hijacking or clickjacking. The issue is explicitly linked as related to CVE‑2005‑2407 and described in connected records as affec...

CVE-2005-2406

Opera 8.01 allows remote attackers to conduct cross-site scripting XSS attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI...

CVE-2005-2405

Opera 8.01, when the "Arial Unicode MS" font ARIALUNI.TTF is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code...

Opera Multiple Vulnerabilities

Binary data 3153.prm...

opera -- image dragging vulnerability

A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and retrieve a user's files. The vulnerability is caused due to Opera allowing a user to drag e.g. an image, which is actually a...

opera -- download dialog spoofing vulnerability

A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the handling of extended ASCII codes in the download dialog. This can be...

SUSE-SA:2005:034: opera

The remote host is missing the patch for the advisory SUSE-SA:2005:034 opera. The web browser Opera has been updated to version 8.01 to fix various security-related bugs. Fixed XMLHttpRequest redirect vulnerability reported in Secunia Advisory 15008. Fixed cross-site scripting vulnerability...

SUSE-SA:2005:031: opera

The remote host is missing the patch for the advisory SUSE-SA:2005:031 opera. The commercial web browser Opera has been updated to the 8.0 version, fixing all currently known security problems, including: - CVE-2005-0235: IDN cloaking / homograph attack allows easy spoofing of domain names. -...

CVE-2004-2260

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute...

CVE-2005-2309

Opera 8.01 allows remote attackers to cause a denial of service CPU consumption via a crafted JPEG image, as demonstrated using random.jpg...

CVE-2005-2309

Opera 8.01 allows remote attackers to cause a denial of service CPU consumption via a crafted JPEG image, as demonstrated using random.jpg...

CVE-2004-2260

Opera Browser 7.23 and other versions before 7.50 are affected by an address-bar spoofing weakness. The root cause is a JavaScript-based onUnload/unOnload handling during page redirects, which can cause the address bar to display a spoofed domain and mislead users. This vulnerability could enable...

CVE-2005-2309

CVE-2005-2309 affects Opera 8.01: a crafted JPEG image can cause a denial-of-service (CPU consumption). Demonstrated with random.jpg. Documents confirm Opera as affected and the DoS impact; no additional details on root cause or patch are provided in the supplied sources.