Vulnerabilities > CVE-2005-3006 - Multiple vulnerability in Opera Web Browser Mail Client
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | OPERA_850.NASL |
description | The remote host is using Opera, an alternative web browser. The installed version of Opera on the remote host contains two flaws its mail client and one in the browser. First, message attachments are opened from the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19766 |
published | 2005-09-21 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19766 |
title | Opera < 8.50 Multiple Vulnerabilities |
code |
|
References
- http://marc.info/?l=bugtraq&m=112724692219695&w=2
- http://secunia.com/advisories/16645
- http://secunia.com/secunia_research/2005-42/advisory/
- http://www.opera.com/docs/changelogs/linux/850/
- http://www.opera.com/docs/changelogs/windows/850/
- http://www.osvdb.org/19508
- http://www.securityfocus.com/advisories/9339
- http://www.securityfocus.com/bid/14880
- http://www.vupen.com/english/advisories/2005/1789
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22335