Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure

source: https://www.securityfocus.com/bid/12723/info Multiple browsers are reported prone to an information disclosure weakness. This issue can allow an attacker to determine information such as the location of files, file names and user names on a vulnerable computer. Information gathered throug...

Opera 7.xFirefox 1.0Internet Explorer 6.0 - Information Disclosure

Opera 7.xFirefox 1.0Internet Explorer 6.0 - Information Disclosure source: https://www.securityfocus.com/bid/12723/info Multiple browsers are reported prone to an information disclosure weakness. This issue can allow an attacker to determine information such as the location of files, file names a...

CVE-2004-1490

CVE-2004-1490 affects Opera 7.54 and earlier. The issue: remote attackers can spoof file types shown in the download dialog by manipulating the Content-Disposition or Content-Type headers using dots and non-breaking spaces (ASCII 160). Impact described in sources includes confusion or verificatio...

CVE-2004-1491

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry...

CVE-2005-0456

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: RFC 2397 URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code...

CVE-2005-0457

CVE-2005-0457 affects Opera on Gentoo Linux (versions 7.54 and earlier) due to an insecure plugin path that allows local privilege escalation by placing malicious libraries in the PORTAGE_TMPDIR. Connected sources (Gentoo GLSA 200502-17) reiterate this as a vulnerability in Opera’s handling of pl...

CVE-2004-1491

CVE-2004-1491 affects Opera 7.54 and earlier. The vulnerability arises because Opera uses kfmclient exec to handle unknown MIME types, allowing a remote attacker to execute arbitrary code via a shortcut or launcher containing an Exec entry. Public documents confirm this as a real issue across mul...

CVE-2004-1489

Opera 7.54 and earlier versions expose an applet’s access to Sun Java internal packages, allowing remote attackers to read sensitive information such as user names and installation directory. Multiple connected sources corroborate the issue and the affected package is Opera (desktop/browser). The...

CVE-2004-1489

Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory...

CVE-2005-0456

Opera 7.54 and earlier is vulnerable to a data: URI handling issue where base64-encoded binary data is not validated, allowing a malicious site to obscure the URL in the download dialog and potentially lead to arbitrary code execution. Connected advisories (Gentoo GLSA 200502-17, OpenVAS entries)...

CVE-2005-0457

Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGETMPDIR portage temporary directory...

CVE-2004-1490

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces ASCII character code 160 in the 1 Content-Disposition or 2 Content-Type headers...

GLSA-200502-17 : Opera: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200502-17 Opera: Multiple vulnerabilities Opera contains several vulnerabilities: fails to properly validate Content-Type and filename. fails to properly validate date: URIs. uses kfmclient exec as the Default Application to handl...

CVE-2004-0872

CVE-2004-0872 affects Opera and describes a cookie handling flaw where cookies sent over an insecure channel (HTTP) can also be presented on a secure channel (HTTPS/SSL) within the same domain. This enables potential cookie leakage and unauthorized session usage (Cross Security Boundary Cookie In...

CVE-2005-0235

The International Domain Name IDN support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

CVE-2005-0235

CVE-2005-0235 concerns the IDN homograph spoofing vulnerability in Opera 7.54, where punycode-encoded domain names are decoded in URLs and SSL certificates in a way that can impersonate domains and enable phishing. The SUSE advisory SUSE-SA-2005:031 notes this issue as part of Opera’s vulnerabili...

Opera may insecurely execute binary data encoded in a URI

Overview The Opera web browser fails to validate data encoded using the RFC 2397 scheme. A remote attacker may be able to execute arbitrary code on a vulnerable system. Description The Opera web browser fails to properly handle binary data encoded following the RFC 2397 specification for sending...

CVE-2005-0456

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: RFC 2397 URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code...

opera -- "data:" URI handler spoofing vulnerability

A Secunia Advisory reports: Michael Holzt has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the processing of "data:" URIs, causing wrong information to be shown in a...

CVE-2004-1157

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window...