ID CVE-2009-3047
Summary Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.
References
Vulnerable Configurations
  • cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:*:beta_3:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:*:beta_3:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
accepted 2014-03-17T04:00:28.723-04:00
class vulnerability
contributors
  • name Chandan S
    organization SecPod Technologies
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
comment Opera Browser is installed
oval oval:org.mitre.oval:def:6482
description Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.
family windows
id oval:org.mitre.oval:def:6460
status accepted
submitted 2009-09-24T12:57:10
title Opera before 10.00 allow remote attacks to spoof URLs
version 11
refmap via4
confirm
Last major update 30-10-2018 - 16:26
Published 02-09-2009 - 17:30
Last modified 30-10-2018 - 16:26
Back to Top