CVE-2004-2570
Opera < 7.54 - Remote Code Execution via Location Object Manipulation
Title source: llmDescription
Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.
References (8)
Core 8
Core References
Broken Link, Exploit, Vendor Advisory x_refsource_misc
http://www.greymagic.com/security/advisories/gm008-op/
Broken Link, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12233
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16904
Broken Link, Patch x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/754/
Patch, Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10873
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/8331
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html
Scores
EPSS
0.0087
EPSS Percentile
75.5%
Details
CWE
CWE-74
Status
published
Products (1)
opera/opera_browser
< 7.54
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026