Vulnerabilities > CVE-2005-0456 - Unspecified vulnerability in Opera Browser
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN opera
nessus
Summary
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_031.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:031 (opera). The commercial web browser Opera has been updated to the 8.0 version, fixing all currently known security problems, including: - CVE-2005-0235: IDN cloaking / homograph attack allows easy spoofing of domain names. - CVE-2005-0456: Opera did not validate base64 encoded binary in data: URLs correctly. - CVE-2005-1139: Opera showed the Organizational Information of SSL certificates which could be easily spoofed and be used for phishing attacks. A full Changelog can be found on: http://www.opera.com/linux/changelogs/800/ last seen 2019-10-28 modified 2005-07-20 plugin id 19240 published 2005-07-20 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19240 title SUSE-SA:2005:031: opera NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_20C9BB1481E611D9A9E70001020EED82.NASL description A Secunia Advisory reports : Michael Holzt has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the processing of last seen 2020-06-01 modified 2020-06-02 plugin id 18865 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18865 title FreeBSD : opera -- 'data:' URI handler spoofing vulnerability (20c9bb14-81e6-11d9-a9e7-0001020eed82) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200502-17.NASL description The remote host is affected by the vulnerability described in GLSA-200502-17 (Opera: Multiple vulnerabilities) Opera contains several vulnerabilities: fails to properly validate Content-Type and filename. fails to properly validate date: URIs. uses kfmclient exec as the Default Application to handle downloaded files when integrated with KDE. fails to properly control frames. uses Sun Java packages insecurely. searches an insecure path for plugins. Impact : An attacker could exploit these vulnerabilities to: execute arbitrary code. load a malicious frame in the context of another browser session. leak information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 16458 published 2005-02-15 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16458 title GLSA-200502-17 : Opera: Multiple vulnerabilities
References
- http://www.opera.com/linux/changelogs/754u2/
- http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml
- http://www.kb.cert.org/vuls/id/882926
- http://secunia.com/advisories/13818/
- http://www.novell.com/linux/security/advisories/2005_31_opera.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18867