Opera Software: Security Vulnerabilities
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS Score
7.5
EPSS Score
0.086
Published
2005-02-08
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
CVSS Score
6.4
EPSS Score
0.235
Published
2002-12-31
Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.
CVSS Score
5.8
EPSS Score
0.023
Published
2002-12-31
Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
CVSS Score
5.0
EPSS Score
0.014
Published
2002-12-31
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
CVSS Score
4.3
EPSS Score
0.005
Published
2002-12-31
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
CVSS Score
4.3
EPSS Score
0.001
Published
2002-12-31
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
CVSS Score
5.0
EPSS Score
0.047
Published
2002-10-04
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
CVSS Score
7.5
EPSS Score
0.052
Published
2002-10-04
Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.
CVSS Score
7.5
EPSS Score
0.115
Published
2002-08-12
Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
CVSS Score
7.5
EPSS Score
0.006
Published
2002-05-29
Page 1