Lucene search

MitreCVE-2004-2659

HistoryApr 29, 2006 - 10:00 a.m.

CVE-2004-2659

2006-04-2910:00:00

CWE-362

mitre

web.nvd.nist.gov

cve-2004-2659

opera

open button

vulnerability

race condition

user-assisted

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.

Affected configurations

Nvd

Node

mozillamozillaMatch-

operaopera_browserMatch-

VendorProductVersionCPE
mozillamozilla-cpe:/a:mozilla:mozilla:-:::
operaopera_browser-cpe:/a:opera:opera_browser:-:::

Vendor	Product	Version	CPE
mozilla	mozilla	-	cpe:/a:mozilla:mozilla:-:::
opera	opera_browser	-	cpe:/a:opera:opera_browser:-:::

References

archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html

www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Related for CVE-2004-2659