Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
Opera 7.x and 8 before 8.01 does not clearly associate a JavaScript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.
Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.