CVE-2005-0233

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which ...

CVE-2004-1491

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

CVE-2004-1489

Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.

CVE-2005-0456

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.

CVE-2004-0872

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

CVE-2004-1490

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.

CVE-2004-1615

Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.