Vulnerabilities > CVE-2005-0235 - Unspecified vulnerability in Opera Browser
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN opera
nessus
Summary
The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_031.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:031 (opera). The commercial web browser Opera has been updated to the 8.0 version, fixing all currently known security problems, including: - CVE-2005-0235: IDN cloaking / homograph attack allows easy spoofing of domain names. - CVE-2005-0456: Opera did not validate base64 encoded binary in data: URLs correctly. - CVE-2005-1139: Opera showed the Organizational Information of SSL certificates which could be easily spoofed and be used for phishing attacks. A full Changelog can be found on: http://www.opera.com/linux/changelogs/800/ last seen 2019-10-28 modified 2005-07-20 plugin id 19240 published 2005-07-20 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19240 title SUSE-SA:2005:031: opera NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-003.NASL description The remote host is missing Security Update 2005-003. This security update contains security fixes for the following applications : - AFP Server - Bluetooth Setup Assistant - Core Foundation - Cyrus IMAP - Cyrus SASL - Folder Permissions - Mailman - Safari These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 17587 published 2005-03-21 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17587 title Mac OS X Multiple Vulnerabilities (Security Update 2005-003)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
- http://www.shmoo.com/idn
- http://www.shmoo.com/idn/homograph.txt
- http://www.securityfocus.com/bid/12461
- http://www.novell.com/linux/security/advisories/2005_31_opera.html
- http://marc.info/?l=bugtraq&m=110782704923280&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236