Vulnerability Description
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opera | Opera Browser | <= 7.53 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.htmlBroken LinkExploit
- http://secunia.com/advisories/12162Broken LinkPatch
- http://www.opera.com/windows/changelogs/754/Broken LinkPatch
- http://www.osvdb.org/8317Broken LinkExploit
- http://www.securityfocus.com/bid/10810Broken LinkExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16816Third Party AdvisoryVDB Entry
- http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.htmlBroken LinkExploit
- http://secunia.com/advisories/12162Broken LinkPatch
- http://www.opera.com/windows/changelogs/754/Broken LinkPatch
- http://www.osvdb.org/8317Broken LinkExploit
- http://www.securityfocus.com/bid/10810Broken LinkExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16816Third Party AdvisoryVDB Entry
FAQ
What is CVE-2004-2491?
CVE-2004-2491 is a vulnerability with a CVSS score of 2.6 (LOW). A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the...
How severe is CVE-2004-2491?
CVE-2004-2491 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2491?
Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser.