Vulnerabilities > CVE-2005-0456 - Unspecified vulnerability in Opera Browser

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
opera
nessus

Summary

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_031.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:031 (opera). The commercial web browser Opera has been updated to the 8.0 version, fixing all currently known security problems, including: - CVE-2005-0235: IDN cloaking / homograph attack allows easy spoofing of domain names. - CVE-2005-0456: Opera did not validate base64 encoded binary in data: URLs correctly. - CVE-2005-1139: Opera showed the Organizational Information of SSL certificates which could be easily spoofed and be used for phishing attacks. A full Changelog can be found on: http://www.opera.com/linux/changelogs/800/
    last seen2019-10-28
    modified2005-07-20
    plugin id19240
    published2005-07-20
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19240
    titleSUSE-SA:2005:031: opera
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_20C9BB1481E611D9A9E70001020EED82.NASL
    descriptionA Secunia Advisory reports : Michael Holzt has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the processing of
    last seen2020-06-01
    modified2020-06-02
    plugin id18865
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18865
    titleFreeBSD : opera -- 'data:' URI handler spoofing vulnerability (20c9bb14-81e6-11d9-a9e7-0001020eed82)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200502-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200502-17 (Opera: Multiple vulnerabilities) Opera contains several vulnerabilities: fails to properly validate Content-Type and filename. fails to properly validate date: URIs. uses kfmclient exec as the Default Application to handle downloaded files when integrated with KDE. fails to properly control frames. uses Sun Java packages insecurely. searches an insecure path for plugins. Impact : An attacker could exploit these vulnerabilities to: execute arbitrary code. load a malicious frame in the context of another browser session. leak information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16458
    published2005-02-15
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16458
    titleGLSA-200502-17 : Opera: Multiple vulnerabilities