Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html | Broken Link Exploit |
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2004-12-30 21:00
Updated : 2022-02-28 10:38
NVD link : CVE-2004-2659
Mitre link : CVE-2004-2659
JSON object : View
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Products Affected
opera
- opera_browser
mozilla
- mozilla